Malware Open Discussion Board 1072498


Ms. Mama-nee and Combo Fix

1: Admin :

2017/02/12 (Sun) 14:04:13

https://bbs5.fc2.com//bbs/img/_850600/850591/full/850591_1486875853.png htt://regclean-pro.findmysoft.com/download/

Downloaded Reg Clean Pro and got infected

A strange person called crara "6", a.k.a. Ms. Mama-nee, keeps shrieking incomprehensibly that "Combo Fix is hot", so let's give it a try (lol)



ComboFix 17-01-29.01 - unko 2017/02/12 13:32:04.1.2 - x86 MINIMAL
Running from: c:\users\unko\Desktop\ComboFix.exe
AV: SecureAPlus Antivirus *Disabled/Updated* {9BFA2AFA-9131-1E87-D290-6C0FAD7AF01D}
AV: ノートン セキュリティ *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: ノートン セキュリティ *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: SecureAPlus *Enabled/Updated* {209BCB1E-B70B-1109-E820-577DD6FDBAA0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ノートン セキュリティ *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinZip Driver Updater
c:\program files\WinZip Driver Updater\7za.exe
c:\program files\WinZip Driver Updater\defaults\Brazilian.xml
c:\program files\WinZip Driver Updater\defaults\Brazilian1
c:\program files\WinZip Driver Updater\defaults\Brazilian2
c:\program files\WinZip Driver Updater\defaults\Danish.xml
c:\program files\WinZip Driver Updater\defaults\Danish1
c:\program files\WinZip Driver Updater\defaults\Danish2
c:\program files\WinZip Driver Updater\defaults\Dutch.xml
c:\program files\WinZip Driver Updater\defaults\Dutch1
c:\program files\WinZip Driver Updater\defaults\Dutch2
c:\program files\WinZip Driver Updater\defaults\English.xml
c:\program files\WinZip Driver Updater\defaults\English1
c:\program files\WinZip Driver Updater\defaults\English2
c:\program files\WinZip Driver Updater\defaults\Finnish.xml
c:\program files\WinZip Driver Updater\defaults\Finnish1
c:\program files\WinZip Driver Updater\defaults\Finnish2
c:\program files\WinZip Driver Updater\defaults\French.xml
c:\program files\WinZip Driver Updater\defaults\French1
c:\program files\WinZip Driver Updater\defaults\French2
c:\program files\WinZip Driver Updater\defaults\German.xml
c:\program files\WinZip Driver Updater\defaults\German1
c:\program files\WinZip Driver Updater\defaults\German2
c:\program files\WinZip Driver Updater\defaults\Italian.xml
c:\program files\WinZip Driver Updater\defaults\Italian1
c:\program files\WinZip Driver Updater\defaults\Italian2
c:\program files\WinZip Driver Updater\defaults\Japanese.xml
c:\program files\WinZip Driver Updater\defaults\Japanese1
c:\program files\WinZip Driver Updater\defaults\Japanese2
c:\program files\WinZip Driver Updater\defaults\Norwegian.xml
c:\program files\WinZip Driver Updater\defaults\Norwegian1
c:\program files\WinZip Driver Updater\defaults\Norwegian2
c:\program files\WinZip Driver Updater\defaults\Russian.xml
c:\program files\WinZip Driver Updater\defaults\Russian1
c:\program files\WinZip Driver Updater\defaults\Russian2
c:\program files\WinZip Driver Updater\defaults\Spanish.xml
c:\program files\WinZip Driver Updater\defaults\Spanish1
c:\program files\WinZip Driver Updater\defaults\Spanish2
c:\program files\WinZip Driver Updater\defaults\Swedish.xml
c:\program files\WinZip Driver Updater\defaults\Swedish1
c:\program files\WinZip Driver Updater\defaults\Swedish2
c:\program files\WinZip Driver Updater\defaults\TradChinese.xml
c:\program files\WinZip Driver Updater\defaults\TradChinese1
c:\program files\WinZip Driver Updater\defaults\TradChinese2
c:\program files\WinZip Driver Updater\defaults\Turkish.xml
c:\program files\WinZip Driver Updater\defaults\Turkish1
c:\program files\WinZip Driver Updater\defaults\Turkish2
c:\program files\WinZip Driver Updater\DriverUpdater.exe
c:\program files\WinZip Driver Updater\DriverUpdaterSetup.exe
c:\program files\WinZip Driver Updater\DriverUpdaterUpdater.exe
c:\program files\WinZip Driver Updater\lci.lci
c:\program files\WinZip Driver Updater\tray.exe
c:\program files\WinZip Driver Updater\Uninstall.exe
c:\users\unko\AppData\Roaming\baidu\hao123
c:\users\unko\AppData\Roaming\baidu\hao123\hao123.exe
.
.
((((((((((((((((((((((((( Files Created from 2017-01-12 to 2017-02-12 )))))))))))))))))))))))))))))))
.
.
2017-02-12 04:39 . 2017-02-12 04:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-09 21:02 . 2017-02-09 21:02 -------- d-----w- c:\program files\trend micro
2017-02-09 21:02 . 2017-02-09 21:02 -------- d-----w- C:\rsit
2017-02-09 01:23 . 2017-02-09 01:23 -------- d-----w- c:\program files\Common Files\AV
2017-02-09 00:46 . 2017-02-09 00:46 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-02-08 08:23 . 2017-02-09 01:10 87792 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2017-02-08 08:23 . 2017-02-08 08:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2017-02-08 08:19 . 2017-02-09 09:17 -------- d-----w- c:\windows\system32\drivers\NS
2017-02-08 08:19 . 2017-02-08 08:19 -------- d-----w- c:\program files\Norton Security
2017-02-08 08:19 . 2017-02-08 08:26 -------- d-----w- c:\programdata\Norton
2017-02-08 08:19 . 2017-02-08 08:19 -------- d-----w- c:\program files\NortonInstaller
2017-02-07 17:17 . 2017-01-09 04:45 9561744 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABBA8827-90D6-48FF-BDDC-C6575C31C3B2}\mpengine.dll
2017-02-07 13:12 . 2017-02-08 09:07 -------- d-----w- c:\users\unko\AppData\Local\CrashDumps
2017-02-06 10:54 . 2017-02-09 21:00 -------- d-----w- c:\users\unko\AppData\Roaming\ZHP
2017-02-06 05:54 . 2017-02-06 05:54 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-06 02:39 . 2017-02-09 21:29 -------- d-----w- C:\zoek_backup
2017-02-06 02:34 . 2017-02-06 05:11 -------- d-----w- c:\program files\Glary Utilities 5
2017-02-06 02:20 . 2017-02-06 02:20 -------- d-----w- c:\users\unko\AppData\Roaming\SecureAge Technology
2017-02-05 16:10 . 2017-02-05 16:10 -------- d-----w- c:\programdata\ClamAV
2017-02-05 16:10 . 2017-02-05 16:10 -------- d-----w- c:\program files\SecureAge
2017-02-05 16:06 . 2017-02-05 16:06 -------- d-----w- c:\programdata\SecureAge Technology
2017-01-26 00:42 . 2017-01-26 00:42 -------- d-----w- c:\users\unko\AppData\Roaming\Wireshark
2017-01-26 00:17 . 2017-01-26 00:18 -------- d-----w- c:\program files\USBPcap
2017-01-26 00:16 . 2017-01-26 00:16 -------- d-----w- c:\program files\WinPcap
2017-01-26 00:12 . 2017-01-26 00:20 -------- d-----w- c:\program files\Wireshark
2017-01-20 01:00 . 2017-01-20 01:00 228312 ----a-w- c:\windows\system32\drivers\saappctl.sys
2017-01-17 15:52 . 2017-02-12 03:48 219584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-17 15:51 . 2017-01-19 22:47 59976 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-01-17 15:51 . 2017-02-09 00:48 -------- d-----w- c:\programdata\Malwarebytes
2017-01-17 15:51 . 2017-01-17 15:51 -------- d-----w- c:\program files\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-10 16:52 . 2017-01-10 16:52 9216 ----a-w- c:\windows\system32\drivers\videX32.sys
2017-01-10 16:52 . 2017-01-10 16:52 53248 ----a-w- c:\windows\system32\drivers\ViPrt.sys
2017-01-10 16:52 . 2017-01-10 16:52 29184 ----a-w- c:\windows\system32\drivers\viapdsk.sys
2017-01-10 16:52 . 2017-01-10 16:52 16896 ----a-w- c:\windows\system32\drivers\ViBus.sys
2017-01-10 16:52 . 2017-01-10 16:52 145952 ----a-w- c:\windows\system32\drivers\nvgts.sys
2017-01-10 16:52 . 2017-01-10 16:52 133152 ----a-w- c:\windows\system32\drivers\nvrd32.sys
2017-01-10 16:52 . 2017-01-10 16:52 117248 ----a-w- c:\windows\system32\drivers\viamraid.sys
2017-01-10 16:52 . 2017-01-10 16:52 7060 ----a-w- c:\windows\system32\drivers\setup.reg
2017-01-10 16:52 . 2015-12-18 18:21 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2017-01-10 16:52 . 2006-11-02 08:35 36224 ----a-w- c:\windows\system32\drivers\isapnp.sys
2017-01-10 16:52 . 2006-11-02 07:36 68864 ----a-w- c:\windows\system32\drivers\sisraid4.sys
2017-01-10 16:52 . 2006-11-02 07:36 47616 ----a-w- c:\windows\system32\drivers\sisraid2.sys
2017-01-10 16:52 . 2017-01-10 16:52 79360 ----a-w- c:\windows\system32\drivers\nvatabus.sys
2017-01-10 16:52 . 2017-01-10 16:52 63616 ----a-w- c:\windows\system32\drivers\mv614x.sys
2017-01-10 16:52 . 2017-01-10 16:52 5632 ----a-w- c:\windows\system32\drivers\mv64xxmm.sys
2017-01-10 16:52 . 2017-01-10 16:52 52480 ----a-w- c:\windows\system32\drivers\m5289.sys
2017-01-10 16:52 . 2017-01-10 16:52 51072 ----a-w- c:\windows\system32\drivers\m5281.sys
2017-01-10 16:52 . 2017-01-10 16:52 493744 ----a-w- c:\windows\system32\drivers\rcxpahci.sys
2017-01-10 16:52 . 2017-01-10 16:52 493744 ----a-w- c:\windows\system32\drivers\rcraid.sys
2017-01-10 16:52 . 2017-01-10 16:52 477696 ----a-w- c:\windows\system32\drivers\iaStor47.sys
2017-01-10 16:52 . 2017-01-10 16:52 471360 ----a-w- c:\windows\system32\drivers\iaStor.sys
2017-01-10 16:52 . 2017-01-10 16:52 45069 ----a-w- c:\windows\system32\drivers\m5228.sys
2017-01-10 16:52 . 2017-01-10 16:52 43520 ----a-w- c:\windows\system32\drivers\mvsata.sys
2017-01-10 16:52 . 2017-01-10 16:52 308248 ----a-w- c:\windows\system32\drivers\iaStor78.sys
2017-01-10 16:52 . 2017-01-10 16:52 285736 ----a-w- c:\windows\system32\drivers\mv64xx.sys
2017-01-10 16:52 . 2017-01-10 16:52 275760 ----a-w- c:\windows\system32\drivers\mv91xx.sys
2017-01-10 16:52 . 2017-01-10 16:52 228688 ----a-w- c:\windows\system32\drivers\ahcix86.sys
2017-01-10 16:52 . 2017-01-10 16:52 210304 ----a-w- c:\windows\system32\drivers\m5288.sys
2017-01-10 16:52 . 2017-01-10 16:52 159536 ----a-w- c:\windows\system32\drivers\mv61xx.sys
2017-01-10 16:52 . 2017-01-10 16:52 13616 ----a-w- c:\windows\system32\drivers\mvxxmm.sys
2017-01-10 16:52 . 2017-01-10 16:52 13616 ----a-w- c:\windows\system32\drivers\mv61xxmm.sys
2017-01-10 16:52 . 2017-01-10 16:52 123392 ----a-w- c:\windows\system32\drivers\ahci8086.sys
2017-01-10 16:52 . 2017-01-10 16:52 103680 ----a-w- c:\windows\system32\drivers\m5287.sys
2017-01-10 16:52 . 2017-01-10 16:52 103512 ----a-w- c:\windows\system32\drivers\jraid.sys
2017-01-10 16:52 . 2006-11-02 08:51 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2017-01-10 16:52 . 2006-11-02 08:51 7311 ----a-w- c:\windows\system32\drivers\aliide.sys
2017-01-10 16:52 . 2006-11-02 07:36 68224 ----a-w- c:\windows\system32\drivers\nvraid.sys
2017-01-10 16:52 . 2006-11-02 07:36 25424 ----a-w- c:\windows\system32\drivers\iteatapi.sys
2017-01-10 16:52 . 2006-11-02 07:36 26112 ----a-w- c:\windows\system32\drivers\iteraid.sys
2017-01-05 02:50 . 2016-10-13 05:39 51848 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-12-05 17:46 . 2017-01-05 12:12 21696 ----a-w- c:\windows\system32\fbnative.exe
2016-12-05 17:45 . 2015-12-21 12:18 20984 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2016-12-05 17:45 . 2015-12-21 12:18 195576 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2016-12-05 17:45 . 2015-12-21 12:18 56824 ----a-w- c:\windows\system32\drivers\eubakup.sys
2016-12-05 17:45 . 2015-12-21 12:18 46584 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2016-01-03 634504]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2017-01-13 43984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2016-04-12 3390776]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-19 2780112]
"Everything"="c:\program files\SecureAge\Everything\Everything.exe" [2014-08-06 1048576]
"SAAppWhitelistingNotifier"="c:\program files\SecureAge\Whitelist\sanotifier.exe" [2017-01-20 4252448]
"SecureAPlus"="c:\program files\SecureAge\Whitelist\SecureAPlus.exe" [2017-01-20 6382488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
クライアントユーティリティ.lnk - c:\program files\Logitec\LAN-W150N-U2\Common\RaUI.exe -s [2015-12-19 12891648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saappsvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-01-05 11:03 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp
mStart Page = hxxp://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.179.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MBAMSwissArmy
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-DesktopIconCALLofWAR - c:\users\unko\AppData\Roaming\DesktopIconCALLofWAR\desktopicon-CALLofWAR.exe
AddRemove-DesktopIconGoodgame - c:\users\unko\AppData\Roaming\DesktopIconGoodgame\desktopicon-Goodgame.exe
AddRemove-WinZip Driver Updater - c:\program files\WinZip Driver Updater\Uninstall.exe
AddRemove-{958A475F-037D-401A-AC05-209725973E11}_is1 - c:\program files\Booking.com\unins000.exe
AddRemove-hao123desk-jp - c:\users\unko\AppData\Roaming\baidu\hao123\hao123.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-02-12 13:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NS]
"ImagePath"="\"c:\program files\Norton Security\Engine\22.8.0.50\NS.exe\" /s \"NS\" /m \"c:\program files\Norton Security\Engine\22.8.0.50\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NS\1608000.032\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files\Norton Security\Engine\22.8.0.50"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-114335241-451106317-3397992227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*・・オ0・]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-114335241-451106317-3397992227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*・・オ0・\OpenWithList]
@Class="Shell"
.
Completion time: 2017-02-12 13:42:20
ComboFix-quarantined-files.txt 2017-02-12 04:42
ComboFix2.txt 2017-02-08 09:40
.
Pre-Run: 7,922,073,600 bytes free
Post-Run: 7,872,798,720 bytes free
.
- - End Of File - - 0DD86112FA62E816527290B42FC55BE0
5C616939100B85E558DA92B899A0FC36
---------------------------

Ms. Mama-nee is shouting "Combo Fix, legend of the strongest?", but Chrome's home page is still hijacked by hao123. And of course IE got hijacked too (lol)

2: Admin :

2017/02/12 (Sun) 14:12:50

A rough check with AdwCleaner of what Combo Fix missed:

# AdwCleaner v6.043 - Logfile created 12/02/2017 at 14:11:31
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-09.1 [Local]
# Operating System : Windows Vista (TM) Business Service Pack 2 (X86)
# Username : unko - UNKO-PC
# Running from : C:\Users\unko\Desktop\リムーバー\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found: WinZipSmartMonitorService


***** [ Folders ] *****

Folder Found: C:\Users\unko\AppData\Local\PRO_PC_Cleaner
Folder Found: C:\Users\unko\AppData\Roaming\PRO PC Cleaner
Folder Found: C:\Users\unko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner
Folder Found: C:\Users\unko\Documents\PROPCCleaner
Folder Found: C:\ProgramData\WinZip\WinZip Driver Updater
Folder Found: C:\ProgramData\WinZip\WinZip Smart Monitor
Folder Found: C:\ProgramData\Application Data\WinZip\WinZip Driver Updater
Folder Found: C:\ProgramData\Application Data\WinZip\WinZip Smart Monitor
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip Driver Updater
Folder Found: C:\Program Files\PRO PC Cleaner
Folder Found: C:\Program Files\WinZip Smart Monitor


***** [ Files ] *****

File Found: C:\Users\unko\Desktop\Hao123.lnk
File Found: C:\Users\unko\Desktop\PRO PC Cleaner.lnk
File Found: C:\Users\Public\Desktop\WinZip Driver Updater.lnk


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcuts found.


***** [ Scheduled Tasks ] *****

Task Found: Start WinZip Driver Updater for unko-PC@unko(logon)
Task Found: Start WinZip Driver Updater Schedule
Task Found: Start WinZip Driver Updater Update
Task Found: PROPCCleaner_Popup
Task Found: PROPCCleaner_Start


***** [ Registry ] *****

Key Found: HKU\S-1-5-21-114335241-451106317-3397992227-1000\Software\PRODUCTSETUP
Key Found: HKU\S-1-5-21-114335241-451106317-3397992227-1000\Software\csastats
Key Found: HKCU\Software\PRODUCTSETUP
Key Found: HKCU\Software\csastats
Data Found: HKU\S-1-5-21-114335241-451106317-3397992227-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PRO PC Cleaner
Key Found: HKLM\SOFTWARE\CLASSES\APPID\WinZipSmartMonitorService.exe


***** [ Web browsers ] *****

No malicious Firefox based elements found.
Chromium pref Found: [C:\Users\unko\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp
Chromium pref Found: [C:\Users\unko\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp



########## EOF - C:\AdwCleaner\AdwCleaner[S17].txt - [6156 bytes] ##########
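The two logs in this thread show the pattern that matters: ComboFix deleted the WinZip Driver Updater and hao123 program files, but the persistence and hijack points survived (the IE Start Page in HKCU and HKLM, the homepage in Chrome's Secure Preferences, three WinZip Driver Updater scheduled tasks, the WinZipSmartMonitorService service, and the PRO PC Cleaner leftovers). The script below is an added example, not code from the thread or from any of the tools it mentions: a read-only audit of exactly those locations on a live machine. It assumes Windows PowerShell 3.0 or later (ConvertFrom-Json, Get-CimInstance), an elevated session running as the affected user, the default Chrome profile path, and a pattern list built from the strings in the logs above; all of those are this example's own choices.

```powershell
# Added example: read-only audit of the persistence / browser-hijack points that
# survived ComboFix in the logs above. Assumes PowerShell 3.0+, run elevated as
# the affected user. Nothing is modified; hits are printed for a human to review.

# Indicator strings taken from the ComboFix / AdwCleaner logs (assumption: the
# list is illustrative, extend it for the case at hand).
$Patterns = 'hao123', 'baidu', 'WinZip Driver Updater', 'WinZip Smart Monitor',
            'PRO PC Cleaner', 'PROPCCleaner', 'RegClean', 'Booking.com', 'DesktopIcon'
$Regex    = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
$Findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Where, [string]$What) {
    # -match is case-insensitive by default; record only lines that hit a pattern.
    if ($What -match $Regex) {
        $Findings.Add([pscustomobject]@{ Location = $Where; Value = $What })
    }
}

# 1. Internet Explorer home/search page, per-user (HKCU) and machine default (HKLM).
#    AdwCleaner flagged both copies; a fix that touches only HKCU leaves HKLM to
#    re-seed new profiles.
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Internet Explorer\Main"
    $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($v) {
        foreach ($name in 'Start Page', 'Default_Page_URL', 'Search Page') {
            if ($v.$name) { Add-Finding "$key [$name]" "$($v.$name)" }
        }
    }
}

# 2. Run / RunOnce autostart values in both hives.
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce') {
    $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($v) {
        $v.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { Add-Finding "$key [$($_.Name)]" "$($_.Value)" }
    }
}

# 3. Add/Remove Programs entries (ComboFix listed these as "AddRemove" orphans).
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*') {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
        Add-Finding "Uninstall $($_.PSChildName)" "$($_.DisplayName) | $($_.UninstallString)"
    }
}

# 4. Chrome "Secure Preferences": homepage and startup URLs. Read-only on purpose:
#    the file carries per-preference HMACs (protection.macs), so a hand edit is
#    detected and reverted by Chrome; reset the values from chrome://settings.
$chromePrefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Secure Preferences'
if (Test-Path $chromePrefs) {
    $json = Get-Content -Raw -Path $chromePrefs | ConvertFrom-Json
    if ($json.homepage) { Add-Finding "$chromePrefs [homepage]" "$($json.homepage)" }
    if ($json.session -and $json.session.startup_urls) {
        foreach ($u in $json.session.startup_urls) {
            Add-Finding "$chromePrefs [session.startup_urls]" "$u"
        }
    }
}

# 5. Scheduled tasks. schtasks.exe exists on every Windows version in the logs;
#    matching each verbose CSV row as a whole keeps this independent of the
#    localized column names (the logs come from a Japanese system).
schtasks.exe /Query /FO CSV /V 2>$null |
    ForEach-Object { Add-Finding 'Scheduled task (schtasks /V CSV row)' $_ }

# 6. Services and their image paths (WinZipSmartMonitorService was still running
#    in the zoek process list).
Get-CimInstance Win32_Service |
    ForEach-Object { Add-Finding "Service $($_.Name)" "$($_.Name) | $($_.PathName)" }

"{0} matching entries" -f $Findings.Count
$Findings | Sort-Object Location | Format-Table -AutoSize -Wrap
```

A hit is a string match, not a verdict, which is why the script only reports. Two caveats a practitioner should carry along: on 64-bit Windows the 32-bit IE reads its Start Page from HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main as well, so add that key there (the machine in the thread is x86); and for Chrome, fixing the homepage through the browser's own settings page is what keeps the Secure Preferences HMACs consistent, whereas deleting the file forces a profile reset.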
3: Admin :

2017/02/12 (Sun) 14:56:01

zoek.exe spits out a log with real depth (the log below is what zoek.exe found when scanning after Combo Fix had auto-scanned and deleted. There is still a large number of entries that were never removed. I think that shows plainly how capable Combo Fix is at this point.)



Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by unko on 2017/02/12 at 14:15:35.53.

Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\unko\Desktop\zoek.exe [Scan all users] [Checkboxes used]


==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AOMEI Backupper\ABService.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\SecureAge\Everything\Everything.exe
C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe
C:\Program Files\Logitec\LAN-W150N-U2\Common\RaRegistry.exe
C:\Program Files\SecureAge\Whitelist\saappsvc.exe
C:\Program Files\SecureAge\Everything\EverythingServer.exe
C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe
C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
C:\Program Files\ShadowExplorer\sesvc.exe
C:\Program Files\SecureAge\AntiVirus\clamd.exe
C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\Program Files\SecureAge\Everything\Everything.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SecureAge\Whitelist\sanotifier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe
C:\Program Files\System Explorer\service\SystemExplorerService.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Logitec\LAN-W150N-U2\Common\RaUI.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\unko\Desktop\zoek.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== System Specs ======================

Windows: Windows Vista Business Edition Service Pack 2 (Build 6002)
Memory (RAM): 3316 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
CPU Speed: 2339.5 MHz
Sound Card: Not detected
Display Adapters: Intel(R) Q35 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: Logitec LAN-W150N/U2 LAN Adapter
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVD+-RW GT10N
Ports: COM1 LPT1
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 40.7GB | D: 13.8GB | G: 20.0GB
Hard Disks - Free: C: 4.1GB | D: 13.7GB | G: 18.5GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 06/11/12 | DELL - 15
Time Zone: Tokyo (Standard Time)
Motherboard *: Dell Inc. 0PU052
Country: Japan
Language: JPN

==== System Specs (Software) ======================

Anti-Virus: SecureAPlus Antivirus On-access scanning disabled (Outdated)
Anti-Virus: ノートン セキュリティ On-access scanning disabled (Outdated)
Anti-Spyware: SecureAPlus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: ノートン セキュリティ disabled (Outdated)
Firewall: ノートン セキュリティ disabled
Internet Explorer Version: 9.0.8112.16421
Google Chrome version: 49.0.2623.112

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2017-02-08 09:27:21 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2017-02-08 09:27:21 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2017-02-08 09:27:21 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2017-02-08 09:27:21 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2017-02-08 09:27:20 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
====== C:\Users\unko\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2017-02-05 16:11:02 1F1FDBEFDCBC56E90346FCFF4A4A00C4 17408375 ----a-w- C:\Windows\System32\scan.db
====== C:\Windows\system32\drivers =====
2017-02-09 00:46:46 FDBDEDB746A33BAFC17394D1960ADEAF 94936 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2017-02-08 08:23:47 E111BABE2BCA0F9CD3E45606EB63944F 87792 ----a-w- C:\Windows\System32\drivers\SYMEVENT.SYS
2017-02-08 08:23:47 97B24782C154E71CC0898C0F5F29BA32 8234 ----a-w- C:\Windows\System32\drivers\SYMEVENT.CAT
2017-02-08 08:23:47 3CB0C44695328FF0C4D82BD833491276 805 ----a-w- C:\Windows\System32\drivers\SYMEVENT.INF
2017-02-06 05:54:02 0C997B061E3C66BD9E927C1288EB1CC7 24688 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2017-02-05 16:11:27 4E9185B326462F3EB395C411D9365931 5840781 ----a-w- C:\Windows\System32\drivers\whitelist2.sa
2017-01-20 01:00:08 9E9AD8F623808C29BB42FB2F4D96E558 228312 ----a-w- C:\Windows\System32\drivers\saappctl.sys
2017-01-17 15:52:13 6FE70B9DCAD66449119E733C276F83E8 219584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2017-01-17 15:51:56 47DF8A068BA5666A14848C242BF5002B 59976 ----a-w- C:\Windows\System32\drivers\mbae.sys
====== C:\Windows\Tasks ======
2017-02-12 03:43:59 BE41DA2D1D5506038825E25C7C121BA8 3432 ----a-w- C:\Windows\system32\Tasks\Start WinZip Driver Updater Schedule
2017-02-12 03:43:56 6877148B9774ABBD4C83D9CBF65C239B 3364 ----a-w- C:\Windows\system32\Tasks\Start WinZip Driver Updater Update
2017-02-12 03:43:55 49A9784942023B8F9390F6B87FF7F45D 2584 ----a-w- C:\Windows\system32\Tasks\Start WinZip Driver Updater for unko-PC@unko(logon)
2017-02-09 01:24:09 -------- d-----w- C:\Windows\system32\Tasks\Remediation
2017-02-06 02:35:05 3F91CB12956787707A9B2753541C314C 2956 ----a-w- C:\Windows\system32\Tasks\GU5SkipUAC
2017-02-06 02:35:04 21DD83153289A008180CE424F5DD645D 3296 ----a-w- C:\Windows\system32\Tasks\GlaryInitialize 5
====== C:\Windows\Temp ======
======= C:\Program Files =====
2017-02-12 03:43:44 -------- d-----w- C:\Program Files\WinZip Smart Monitor
2017-02-12 03:34:57 -------- d-----w- C:\Program Files\PRO PC Cleaner
2017-02-09 21:02:16 -------- d-----w- C:\Program Files\trend micro
2017-02-09 01:23:56 -------- d-----w- C:\Program Files\Common Files\AV
2017-02-06 02:34:57 -------- d-----w- C:\Program Files\Glary Utilities 5
2017-02-05 16:10:24 -------- d-----w- C:\Program Files\SecureAge
2017-01-26 00:17:13 -------- d-----w- C:\Program Files\USBPcap
2017-01-26 00:16:01 -------- d-----w- C:\Program Files\WinPcap
2017-01-26 00:12:55 -------- d-----w- C:\Program Files\Wireshark
======= C: =====
2017-02-05 17:17:31 038FDE41AD27E14BA3A0A79A5A1F2798 4096 --sha-w- C:\{080A5247-08A4-422F-9F2E-B8002F0A89B7}.CBM
====== C:\Users\unko\AppData\Roaming ======
2017-02-12 04:42:24 -------- d-----w- C:\Users\Public\AppData\Local\temp
2017-02-12 04:42:24 -------- d-----w- C:\Users\Default\AppData\Local\temp
2017-02-12 04:42:24 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2017-02-12 04:42:24 -------- d-----w- C:\Users\aho\AppData\Local\temp
2017-02-12 03:37:03 -------- d-----w- C:\Users\unko\AppData\Roaming\PRO PC Cleaner
2017-02-12 03:35:17 -------- d-----w- C:\Users\unko\AppData\Local\PRO_PC_Cleaner
2017-02-12 03:34:58 -------- d-----w- C:\Users\unko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner
2017-02-12 03:34:39 -------- d-----w- C:\Users\unko\AppData\Roaming\baidu
2017-02-09 22:41:39 -------- d-----w- C:\Users\unko\AppData\Local\VirtualStore
2017-02-09 22:38:06 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2017-02-09 22:38:06 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2017-02-09 22:38:05 -------- d-----w- C:\Users\unko\AppData\Local\Temp
2017-02-07 13:12:57 -------- d-----w- C:\Users\unko\AppData\Local\CrashDumps
2017-02-06 10:54:39 -------- d-----w- C:\Users\unko\AppData\Roaming\ZHP
2017-02-06 02:20:06 -------- d-----w- C:\Users\unko\AppData\Roaming\SecureAge Technology
2017-01-26 00:42:51 -------- d-----w- C:\Users\unko\AppData\Roaming\Wireshark
2017-01-25 23:50:56 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\CrashDumps
2017-01-25 19:08:04 2C2ED29E5C7AD14B95D1FF17610CEFAA 3584 ----a-w- C:\Users\unko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-17 15:42:21 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\ESET
====== C:\Users\unko ======
2017-02-12 03:43:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-02-12 03:39:57 -------- d-----w- C:\ProgramData\WinZip
2017-02-12 03:34:55 8429F7F8325BFD7442B4D90B09EA77C4 4459296 ----a-w- C:\Users\unko\Downloads\RegClean-Pro_6.2 [1].exe
2017-02-12 03:34:36 -------- d-----w- C:\Users\Public\Documents\Baidu
2017-02-12 03:34:03 EB56D44497FC275FCA3D92B2F76529A0 1280368 ----a-w- C:\Users\unko\Downloads\RegClean-Pro_6.2.exe
2017-02-12 03:33:44 EB56D44497FC275FCA3D92B2F76529A0 1280368 ----a-w- C:\Users\unko\Desktop\RegClean-Pro_6.2.exe
2017-02-09 22:43:05 -------- d-----w- C:\ProgramData\Ralink
2017-02-08 09:40:21 -------- d-----w- C:\Users\Public\AppData
2017-02-07 01:47:25 A67618FFD00DA29AF103B180CA3CB2A6 1097864 ----a-w- C:\Users\unko\Desktop\decrypt_MRCR.exe
2017-02-07 01:46:29 A67618FFD00DA29AF103B180CA3CB2A6 1097864 ----a-w- C:\Users\unko\Downloads\decrypt_MRCR.exe
2017-02-06 10:43:05 2B3EF007C33947E75774AA8649B57080 2700800 ----a-w- C:\Users\unko\Downloads\ZHPCleaner.exe
2017-02-06 10:22:54 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\unko\Downloads\RSIT.exe
2017-02-06 08:25:24 8856CA588D4A0DBA59AD133C4AAF8BB6 94960 ----a-w- C:\Users\unko\Desktop\動画見放題-yy20.us-07504749.exe
2017-02-06 05:48:42 9DF1469E76C21CFB43017D04847F6782 1663040 ----a-w- C:\Users\unko\Downloads\JRT.exe
2017-02-06 05:41:32 F794CDF8E5979DDDA760A4F82DE4AAC5 4015056 ----a-w- C:\Users\unko\Downloads\adwcleaner_6.043.exe
2017-02-06 02:24:13 F114163D4CEDC9867B3E107820543477 16756104 ----a-w- C:\Users\unko\Downloads\gu5setup.exe
2017-02-05 16:10:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureAge
2017-02-05 16:10:45 -------- d-----w- C:\ProgramData\ClamAV
2017-02-05 16:06:07 -------- d-----w- C:\ProgramData\SecureAge Technology
2017-02-05 16:05:32 FA21BD22A307A9FEEACE1669084A71BA 1968976 ----a-w- C:\Users\unko\Downloads\無料1年間 12エンジン SecureAPlusSetup.exe
2017-01-26 00:16:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap

====== C: exe-files ==
2017-02-12 03:34:55 8429F7F8325BFD7442B4D90B09EA77C4 4459296 ----a-w- C:\Users\unko\Downloads\RegClean-Pro_6.2 [1].exe
2017-02-12 03:34:03 EB56D44497FC275FCA3D92B2F76529A0 1280368 ----a-w- C:\Users\unko\Downloads\RegClean-Pro_6.2.exe
2017-02-12 03:33:44 EB56D44497FC275FCA3D92B2F76529A0 1280368 ----a-w- C:\Users\unko\Desktop\RegClean-Pro_6.2.exe
2017-02-09 22:08:13 9F82D76A49C5F726C7E23B4E2D7E6E62 1105928 ----a-w- C:\FRST\Quarantine\C\Users\unko\AppData\Roaming\DesktopIconCALLofWAR\desktopicon-CALLofWAR.exe
2017-02-09 22:08:08 9F82D76A49C5F726C7E23B4E2D7E6E62 1105928 ----a-w- C:\FRST\Quarantine\C\Users\unko\AppData\Roaming\DesktopIconAmazon\desktopicon-Amazon.exe
2017-02-09 22:08:06 9F82D76A49C5F726C7E23B4E2D7E6E62 1105928 ----a-w- C:\FRST\Quarantine\C\Users\unko\AppData\Roaming\DesktopIconGoodgame\desktopicon-Goodgame.exe
2017-02-09 21:02:17 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\unko.exe
2017-02-09 15:07:09 B3E33BD600FA04F2C1A8052ADC7E59BA 719521 ----a-w- C:\AdwCleaner\Quarantine\files\opttggezslyjrmhbfymzfycotyrnkpbw\unins000.exe
2017-02-09 15:07:09 9F1AE66D7954FE2E0909A5EBC6B94798 67072 ----a-w- C:\AdwCleaner\Quarantine\files\opttggezslyjrmhbfymzfycotyrnkpbw\wow_helper.exe
2017-02-09 15:07:05 AB30B9C440D8EC04AC23150ECECC4E00 608256 ----a-w- C:\AdwCleaner\Quarantine\files\opttggezslyjrmhbfymzfycotyrnkpbw\Booking.com.exe
2017-02-09 01:24:09 B1268E1C7EC412B0477A542ABBDE58D1 3268352 ----a-w- C:\Program Files\Common Files\AV\ノートン セキュリティ\Upgrade.exe
2017-02-09 00:46:38 8D704E13B735D87D227D05B5495F1B1B 270136 ----a-w- C:\Users\unko\Desktop\mbar\mbar.exe
2017-02-09 00:46:38 7A2EBC02187D471E16EF38D230C16D7E 54072 ----a-w- C:\Users\unko\Desktop\mbar\mbamdor.exe
2017-02-09 00:46:38 4A5EA67F0B25AEF8AAD9EF1404230AFA 822584 ----a-w- C:\Users\unko\Desktop\mbar\Plugins\fixdamage.exe
2017-02-08 23:22:33 FD356FF1733CBA1ED1D302BD58810862 180288 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Smart Monitor\Uninstall.exe
2017-02-08 23:22:33 97EE01E99443E9EB04E0D592CBE6DB3D 513280 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Registry Reviver\Uninstall.exe
2017-02-08 23:22:33 3BDEB5C3D5BC4C242F5C5FE859CF2C9D 438528 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Smart Monitor\ReviverSoftSmartMonitorService.exe
2017-02-08 23:22:33 0398B50E2C05AA3FDA12741670B49F07 1700096 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Smart Monitor\ReviverSoftSmartMonitor.exe
2017-02-08 23:22:32 A94E218C4CDBFC4D559136FCCEF2D952 24554240 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Registry Reviver\RegistryReviver.exe
2017-02-08 23:22:32 5F6DF9BCF4251BF0FF1747A95FE2BC5B 2219264 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Registry Reviver\tray.exe
2017-02-08 23:22:32 046A8F239D7DCB3CDF234397D763B17A 73472 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Registry Reviver\RegistryReviverUpdater.exe
2017-02-08 23:22:28 6BE82EB32AC1F3EDCB97012210D10435 438272 ----a-w- C:\AdwCleaner\Quarantine\files\ejsbdidxewfdierryviatyvuffvmbtsr\WinZipSmartMonitorService.exe
2017-02-08 23:22:27 4FAD84599E1106EA5AD79D4B043C4765 1742848 ----a-w- C:\AdwCleaner\Quarantine\files\ejsbdidxewfdierryviatyvuffvmbtsr\WinZipSmartMonitor.exe
2017-02-08 23:22:27 2AFBB6AFCDCA3B85F83F726ACBACE7AD 223544 ----a-w- C:\AdwCleaner\Quarantine\files\ejsbdidxewfdierryviatyvuffvmbtsr\Uninstall.exe
2017-02-08 23:22:25 A675AB28195C5C0AA5C20EC1602ADF62 1268976 ----a-w- C:\AdwCleaner\Quarantine\files\ignijduejuucmlvgxnphurcrortwokop\WMPUninstall.exe
2017-02-08 23:22:25 95D6756F1638083239CE4F8B1DCA81C3 14576 ----a-w- C:\AdwCleaner\Quarantine\files\ignijduejuucmlvgxnphurcrortwokop\clamunpack\clamscan.exe
2017-02-08 23:22:25 84078359DA7FF6B14A360CE97AD898A6 6792944 ----a-w- C:\AdwCleaner\Quarantine\files\ignijduejuucmlvgxnphurcrortwokop\WinZipMalwareProtector.exe
2017-02-08 23:22:24 9635BD5ADA4E7BDD9747E769E9B1A6E0 1193712 ----a-w- C:\AdwCleaner\Quarantine\files\ignijduejuucmlvgxnphurcrortwokop\unins000.exe
2017-02-08 23:22:23 24689AF90D99414462DA85C5E5045233 487152 ----a-w- C:\AdwCleaner\Quarantine\files\ignijduejuucmlvgxnphurcrortwokop\AppManager.exe
2017-02-08 23:22:21 F0303893ACD0BC5219980B1C2545A170 551056 ----a-w- C:\AdwCleaner\Quarantine\files\zyawzoaianjhgfhwpogetfwsofmyasin\Uninstall.exe
2017-02-08 23:22:21 1D255F73E218BEFE9CD31B0ABE15B713 69632 ----a-w- C:\AdwCleaner\Quarantine\files\zyawzoaianjhgfhwpogetfwsofmyasin\DriverUpdaterUpdater.exe
2017-02-08 23:22:21 0818A2E722907988754D34B2C138B730 2497536 ----a-w- C:\AdwCleaner\Quarantine\files\zyawzoaianjhgfhwpogetfwsofmyasin\tray.exe
2017-02-08 23:22:18 EA82D6C356711E95188613678B128AEA 12547504 ----a-w- C:\AdwCleaner\Quarantine\files\zyawzoaianjhgfhwpogetfwsofmyasin\DriverUpdaterSetup.exe
2017-02-08 23:22:17 AB8D131E390944593398A02F75E3BBFF 26009088 ----a-w- C:\AdwCleaner\Quarantine\files\zyawzoaianjhgfhwpogetfwsofmyasin\DriverUpdater.exe
2017-02-08 23:22:15 E9763AEFFB3F7EFB611D791129A0A00D 1189208 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\unins000.exe
2017-02-08 23:22:15 45F54D9ECD295CF3B9F1FACF0D8F40AD 591672 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\systweakasp.exe
2017-02-08 23:22:14 E29B2EF1A8E184BD7DB025C458CF37A3 1265496 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\RCPUninstall.exe
2017-02-08 23:22:14 CFC369D7BFC98B4228AF6B9A194B4AB4 101208 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\CleanSchedule.exe
2017-02-08 23:22:14 C07EA2BEFFCDFC3E0D4CC1E6AB4674FD 73840 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\Cloud_Backup_Setup_Intl.exe
2017-02-08 23:22:14 4DA7D068A06A8E635484364E4A9ED79E 73824 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\Cloud_Backup_Setup.exe
2017-02-08 23:22:14 0C9A0DFC59B49EAF11C96262C5F758D0 7853400 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\RegCleanPro.exe
2017-02-08 23:22:13 F3E2BFC9E6FC7DA87167A1CBE6A9C4A4 426822 ----a-w- C:\AdwCleaner\Quarantine\files\chjuavrlvhdriogkqoksqcsbiojoydky\uninst.exe
2017-02-08 23:22:13 190E712D74459918F569BED42019777C 2471936 ----a-w- C:\AdwCleaner\Quarantine\files\chjuavrlvhdriogkqoksqcsbiojoydky\OLBPre.exe
2017-02-08 23:22:11 A8FBDF79F7BFF18AC1E55D41EE6A5030 304456 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\rtop\bin\rtop_svc.exe
2017-02-08 23:22:11 A0270CE04D72C81E9D719D495604D4C9 619848 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\rtop\bin\rtop_bg.exe
2017-02-08 23:22:10 BD84EA7D1D4F039E6D8C2068F6260E2E 167192 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\rsEngineHelper.exe
2017-02-08 23:22:10 AF1EA810A8CFD80EBD3B8FC02161FC67 761160 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\rtop\uninstall.exe
2017-02-08 23:22:10 7701D153BE8C84AF02556DAB82BC8529 67577 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\Uninstall.exe
2017-02-08 23:22:10 50284FC7C83AACACFD2F92F523301F88 3581408 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\ByteFence.exe
2017-02-08 23:22:10 4ED093DCCDA9B2F303310719A7A29476 190432 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\ByteFenceScan.exe
2017-02-08 23:22:10 089D102EE37BA000A4DE6511FD4C2B0E 146912 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\ByteFenceService.exe
2017-02-08 23:22:07 7483A4456464D0BE7FB34C224A59BF64 1193928 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\unins001.exe
2017-02-08 23:22:07 6EC89E16BB61AEF9E8A4E1CC24683CAE 14792 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\clamunpack\clamscan.exe
2017-02-08 23:22:07 365FA56FA33D8C056D150CCBC4D84924 1179920 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\unins000.exe
2017-02-08 23:22:06 B3C8CA19F37D5C3EFE3AF47C6648008C 8211912 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\AdvancedSystemProtector.exe
2017-02-08 23:22:06 3966180424979576DFB41ABB1110238B 552904 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\ASPUninstall.exe
2017-02-08 23:22:06 2CA73B935463DF4061774E5A684D71E8 391112 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\filetypehelper.exe
2017-02-08 23:22:06 26ECF9EC3D1BBABB53CE8720072C2FC2 772552 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\AspManager.exe
2017-02-08 13:40:32 AF1EA810A8CFD80EBD3B8FC02161FC67 761160 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\rtop\uninstall.exe
2017-02-08 13:40:32 A8FBDF79F7BFF18AC1E55D41EE6A5030 304456 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\rtop\bin\rtop_svc.exe
2017-02-08 13:40:32 A0270CE04D72C81E9D719D495604D4C9 619848 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\rtop\bin\rtop_bg.exe
2017-02-08 13:40:31 BD84EA7D1D4F039E6D8C2068F6260E2E 167192 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\rsEngineHelper.exe
2017-02-08 13:40:31 7701D153BE8C84AF02556DAB82BC8529 67577 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\Uninstall.exe
2017-02-08 13:40:31 50284FC7C83AACACFD2F92F523301F88 3581408 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\ByteFence.exe
2017-02-08 13:40:31 4ED093DCCDA9B2F303310719A7A29476 190432 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\ByteFenceScan.exe
2017-02-08 13:40:31 089D102EE37BA000A4DE6511FD4C2B0E 146912 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\ByteFenceService.exe
2017-02-08 09:27:21 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2017-02-08 09:27:21 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2017-02-08 09:27:21 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2017-02-08 09:27:21 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2017-02-08 09:27:20 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2017-02-08 04:32:55 A8FBDF79F7BFF18AC1E55D41EE6A5030 304456 ----a-w- C:\AdwCleaner\Quarantine\files\hpnyouqvyejhwndrevfdaiketahzloci\rtop\bin\rtop_svc.exe
2017-02-08 04:32:55 A0270CE04D72C81E9D719D495604D4C9 619848 ----a-w- C:\AdwCleaner\Quarantine\files\hpnyouqvyejhwndrevfdaiketahzloci\rtop\bin\rtop_bg.exe
2017-02-08 04:32:54 50284FC7C83AACACFD2F92F523301F88 3581408 ----a-w- C:\AdwCleaner\Quarantine\files\hpnyouqvyejhwndrevfdaiketahzloci\ByteFence.exe
2017-02-08 04:14:50 AF1EA810A8CFD80EBD3B8FC02161FC67 761160 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\rtop\uninstall.exe
2017-02-08 04:14:50 A8FBDF79F7BFF18AC1E55D41EE6A5030 304456 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\rtop\bin\rtop_svc.exe
2017-02-08 04:14:50 A0270CE04D72C81E9D719D495604D4C9 619848 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\rtop\bin\rtop_bg.exe
2017-02-08 04:14:50 50284FC7C83AACACFD2F92F523301F88 3581408 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.exe
2017-02-08 04:14:50 089D102EE37BA000A4DE6511FD4C2B0E 146912 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFenceService.exe
2017-02-08 04:14:49 BD84EA7D1D4F039E6D8C2068F6260E2E 167192 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\rsEngineHelper.exe
2017-02-08 04:14:49 7701D153BE8C84AF02556DAB82BC8529 67577 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\Uninstall.exe
2017-02-08 04:14:49 4ED093DCCDA9B2F303310719A7A29476 190432 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\ByteFenceScan.exe
2017-02-08 04:14:49 089D102EE37BA000A4DE6511FD4C2B0E 146912 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\ByteFenceService.exe
2017-02-08 04:14:48 50284FC7C83AACACFD2F92F523301F88 3581408 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\ByteFence.exe
2017-02-08 03:26:03 DDAB92FC92A6EB427CCE27C3745E55E5 15144 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ASP\ASP\clamunpack\clamscan.exe
2017-02-08 03:24:43 E29B2EF1A8E184BD7DB025C458CF37A3 1265496 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\RegClean Pro\RegClean Pro\RCPUninstall.exe
2017-02-07 15:38:56 6BE82EB32AC1F3EDCB97012210D10435 438272 ----a-w- C:\AdwCleaner\Quarantine\files\bsazmcqvgidstvibzwgywezjakuxrskj\WinZipSmartMonitorService.exe
2017-02-07 15:38:56 4FAD84599E1106EA5AD79D4B043C4765 1742848 ----a-w- C:\AdwCleaner\Quarantine\files\bsazmcqvgidstvibzwgywezjakuxrskj\WinZipSmartMonitor.exe
2017-02-07 15:38:56 2AFBB6AFCDCA3B85F83F726ACBACE7AD 223544 ----a-w- C:\AdwCleaner\Quarantine\files\bsazmcqvgidstvibzwgywezjakuxrskj\Uninstall.exe
2017-02-07 15:38:54 A8FBDF79F7BFF18AC1E55D41EE6A5030 304456 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\rtop\bin\rtop_svc.exe
2017-02-07 15:38:54 A0270CE04D72C81E9D719D495604D4C9 619848 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\rtop\bin\rtop_bg.exe
2017-02-07 15:38:53 BD84EA7D1D4F039E6D8C2068F6260E2E 167192 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\rsEngineHelper.exe
2017-02-07 15:38:53 AF1EA810A8CFD80EBD3B8FC02161FC67 761160 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\rtop\uninstall.exe
2017-02-07 15:38:53 336892BF7A0EABB938C3DF22C048F860 67060 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\Uninstall.exe
2017-02-07 15:38:52 F980033CD93B3A31E57766107D94A15B 187872 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\ByteFenceScan.exe
2017-02-07 15:38:52 E6B613546ED6D2FFFF1D263BAC7721B8 146400 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\ByteFenceService.exe
2017-02-07 15:38:52 364451D2C8D441E77EA6B0B71D91A760 3284960 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\ByteFence.exe
2017-02-07 12:06:17 A675AB28195C5C0AA5C20EC1602ADF62 1268976 ----a-w- C:\AdwCleaner\Quarantine\files\gundltyqrzldekqggjxnhhkvqxhibnhm\WMPUninstall.exe
2017-02-07 12:06:17 95D6756F1638083239CE4F8B1DCA81C3 14576 ----a-w- C:\AdwCleaner\Quarantine\files\gundltyqrzldekqggjxnhhkvqxhibnhm\clamunpack\clamscan.exe
2017-02-07 12:06:16 9635BD5ADA4E7BDD9747E769E9B1A6E0 1193712 ----a-w- C:\AdwCleaner\Quarantine\files\gundltyqrzldekqggjxnhhkvqxhibnhm\unins000.exe
2017-02-07 12:06:15 24689AF90D99414462DA85C5E5045233 487152 ----a-w- C:\AdwCleaner\Quarantine\files\gundltyqrzldekqggjxnhhkvqxhibnhm\AppManager.exe
2017-02-07 12:06:12 E9763AEFFB3F7EFB611D791129A0A00D 1189208 ----a-w- C:\AdwCleaner\Quarantine\files\phhjjtemtgooqzbslogzfjzfmazxqflh\unins000.exe
2017-02-07 12:06:11 E29B2EF1A8E184BD7DB025C458CF37A3 1265496 ----a-w- C:\AdwCleaner\Quarantine\files\phhjjtemtgooqzbslogzfjzfmazxqflh\RCPUninstall.exe
2017-02-07 12:06:11 C07EA2BEFFCDFC3E0D4CC1E6AB4674FD 73840 ----a-w- C:\AdwCleaner\Quarantine\files\phhjjtemtgooqzbslogzfjzfmazxqflh\Cloud_Backup_Setup_Intl.exe
2017-02-07 12:06:09 F3E2BFC9E6FC7DA87167A1CBE6A9C4A4 426822 ----a-w- C:\AdwCleaner\Quarantine\files\eacluoneiacnygxaqzqcwjjfzyjybzva\uninst.exe
2017-02-07 12:05:42 B206F656142CB617140C561DCAB35A93 741768 ----a-w- C:\AdwCleaner\Quarantine\files\arvhlrchmbrcndjbdoqvddrgmfzjjcff\Advanced-PC-Care\apcsrv.exe
2017-02-07 12:05:13 CEAB470D6905F4F1A7EA7617659D553C 71872 ----a-w- C:\AdwCleaner\Quarantine\files\goxnpgcsksgataxyterksawlxbriiatm\efo.exe
2017-02-07 11:08:46 F794CDF8E5979DDDA760A4F82DE4AAC5 4015056 ----a-w- C:\Users\unko\Desktop\リムーバー\adwcleaner_6.043.exe
2017-02-07 01:47:25 A67618FFD00DA29AF103B180CA3CB2A6 1097864 ----a-w- C:\Users\unko\Desktop\decrypt_MRCR.exe
2017-02-07 01:46:29 A67618FFD00DA29AF103B180CA3CB2A6 1097864 ----a-w- C:\Users\unko\Downloads\decrypt_MRCR.exe
2017-02-06 11:04:38 6EC89E16BB61AEF9E8A4E1CC24683CAE 14792 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ASP.DIR\clamunpack\clamscan.exe
2017-02-06 11:04:36 3966180424979576DFB41ABB1110238B 552904 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ASP.DIR\ASPUninstall.exe
2017-02-06 10:54:39 2B3EF007C33947E75774AA8649B57080 2700800 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\ZHPCleaner.exe
2017-02-06 10:49:48 6EC89E16BB61AEF9E8A4E1CC24683CAE 14792 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ASP\clamunpack\clamscan.exe
2017-02-06 10:48:32 E29B2EF1A8E184BD7DB025C458CF37A3 1265496 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\RegClean Pro\RCPUninstall.exe
2017-02-06 10:43:05 2B3EF007C33947E75774AA8649B57080 2700800 ----a-w- C:\Users\unko\Downloads\ZHPCleaner.exe
2017-02-06 10:22:54 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\unko\Downloads\RSIT.exe
2017-02-06 08:25:24 8856CA588D4A0DBA59AD133C4AAF8BB6 94960 ----a-w- C:\Users\unko\Desktop\動画見放題-yy20.us-07504749.exe
2017-02-06 07:52:08 F231896936D77EC7E48AD2540BC48504 31744 ----a-w- C:\AdwCleaner\Quarantine\files\fkylwgqyyvfyrfmbyxqydkpzmkjatiju\APCFXValidatorService.exe
2017-02-06 07:51:11 FDB62515AD98F727915B08A14035ADAE 72392 ----a-w- C:\AdwCleaner\Quarantine\files\jpkzvyzokoshggrckgqwcoehnjzgkrve\wfo.exe
2017-02-06 05:48:42 9DF1469E76C21CFB43017D04847F6782 1663040 ----a-w- C:\Users\unko\Downloads\JRT.exe
2017-02-06 05:44:26 FD356FF1733CBA1ED1D302BD58810862 180288 ----a-w- C:\AdwCleaner\Quarantine\files\lcmaszrnfodzugxnepdlebehanvaseny\Smart Monitor\Uninstall.exe
2017-02-06 05:44:26 3BDEB5C3D5BC4C242F5C5FE859CF2C9D 438528 ----a-w- C:\AdwCleaner\Quarantine\files\lcmaszrnfodzugxnepdlebehanvaseny\Smart Monitor\ReviverSoftSmartMonitorService.exe
2017-02-06 05:44:26 0398B50E2C05AA3FDA12741670B49F07 1700096 ----a-w- C:\AdwCleaner\Quarantine\files\lcmaszrnfodzugxnepdlebehanvaseny\Smart Monitor\ReviverSoftSmartMonitor.exe
2017-02-06 05:41:32 F794CDF8E5979DDDA760A4F82DE4AAC5 4015056 ----a-w- C:\Users\unko\Downloads\adwcleaner_6.043.exe
2017-02-06 02:24:13 F114163D4CEDC9867B3E107820543477 16756104 ----a-w- C:\Users\unko\Downloads\gu5setup.exe
2017-02-05 16:05:32 FA21BD22A307A9FEEACE1669084A71BA 1968976 ----a-w- C:\Users\unko\Downloads\無料1年間 12エンジン SecureAPlusSetup.exe
=== C: other files ==
2017-02-09 01:09:47 A7476418495A5CF97F691EA4F3986B85 43248 ----a-w- C:\Windows\System32\drivers\NS\1608000.032\srtspx.sys
2017-02-09 01:09:47 9EF7544FE71F8025FB1A5A1FCFF8D333 423640 ----a-w- C:\Windows\System32\drivers\NS\1608000.032\symnets.sys
2017-02-09 01:09:47 9C1F4482556BBADE50F44C6EB37540FB 351416 ----a-w- C:\Windows\System32\drivers\NS\1608000.032\symtdiv.sys
2017-02-09 01:09:47 91AA67FD9704A8E953376DD140683507 1291992 ----a-w- C:\Windows\System32\drivers\NS\1608000.032\symefasi.sys
2017-02-09 01:09:47 729B1795DF93CE075A2959CC07332D48 22144 ----a-r- C:\Windows\System32\drivers\NS\1608000.032\symelam.sys
2017-02-09 01:09:46 88CDEF7E48A5D91BEA57E9A18426709E 137456 ----a-w- C:\Windows\System32\drivers\NS\1608000.032\ccsetx86.sys
2017-02-09 01:09:46 1B6EC6B91DAB7971530D61D4F2BFB22F 229616 ----a-w- C:\Windows\System32\drivers\NS\1608000.032\ironx86.sys
2017-02-09 01:09:11 423903085E55FD24A0F49195160EE612 634096 ----a-w- C:\Windows\System32\drivers\NS\1608000.032\srtsp.sys
2017-02-09 00:46:46 FDBDEDB746A33BAFC17394D1960ADEAF 94936 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2017-02-08 23:21:50 D96343D30CAE7610E85F073465B64B83 3916 ----a-w- C:\AdwCleaner\Quarantine\files\ntjxeqicgpebpcfrzcanrjosbusuvsyg\updates\3003update.zip
2017-02-08 23:21:50 7615543E072AB393C538A0A5A0FE5AEA 33085 ----a-w- C:\AdwCleaner\Quarantine\files\ntjxeqicgpebpcfrzcanrjosbusuvsyg\updates\3004update.zip
2017-02-08 23:21:50 28B9D0C3DB8AEC6ECBC1E1370A8779D5 2795 ----a-w- C:\AdwCleaner\Quarantine\files\ntjxeqicgpebpcfrzcanrjosbusuvsyg\updates\3005update.zip
2017-02-08 23:21:47 95E178E1051BF60D571081E1F0471886 28972240 ----a-w- C:\AdwCleaner\Quarantine\files\ntjxeqicgpebpcfrzcanrjosbusuvsyg\updates\3002mupdate.zip
2017-02-08 23:21:44 F6C9AE08D057B2E2E415DC21E6ADC641 34764852 ----a-w- C:\AdwCleaner\Quarantine\files\ntjxeqicgpebpcfrzcanrjosbusuvsyg\updates\2561completedatabase.zip
2017-02-08 08:23:47 E111BABE2BCA0F9CD3E45606EB63944F 87792 ----a-w- C:\Windows\System32\drivers\SYMEVENT.SYS
2017-02-07 12:06:01 F315D0792A4849C06CA6211D94D97C3B 54177 ----a-w- C:\AdwCleaner\Quarantine\files\zpwkdqxykwonqpqiuhjrwlycmbabvevk\updates\2996update.zip
2017-02-07 12:06:01 E93B226063EFF6EAAF68D91C370F50D3 1486 ----a-w- C:\AdwCleaner\Quarantine\files\zpwkdqxykwonqpqiuhjrwlycmbabvevk\updates\3000update.zip
2017-02-07 12:06:01 5181169E27875EBEC08E65823FAC1C28 384113 ----a-w- C:\AdwCleaner\Quarantine\files\zpwkdqxykwonqpqiuhjrwlycmbabvevk\updates\3001update.zip
2017-02-07 12:06:01 3685708DF94E8518596F065584BDF150 322043 ----a-w- C:\AdwCleaner\Quarantine\files\zpwkdqxykwonqpqiuhjrwlycmbabvevk\updates\2999update.zip
2017-02-07 12:06:01 1B88A61A0E6E6958F4B57B1CB1DD8F30 8871 ----a-w- C:\AdwCleaner\Quarantine\files\zpwkdqxykwonqpqiuhjrwlycmbabvevk\updates\2997update.zip
2017-02-07 12:06:01 0272285C7946D6FD60B4E1CAA91C4E9B 1486 ----a-w- C:\AdwCleaner\Quarantine\files\zpwkdqxykwonqpqiuhjrwlycmbabvevk\updates\2998update.zip
2017-02-07 12:05:59 F6C9AE08D057B2E2E415DC21E6ADC641 34764852 ----a-w- C:\AdwCleaner\Quarantine\files\zpwkdqxykwonqpqiuhjrwlycmbabvevk\updates\2561completedatabase.zip
2017-02-07 12:05:59 BE050338D4E2E7FD3CF229AF60B09917 28380736 ----a-w- C:\AdwCleaner\Quarantine\files\zpwkdqxykwonqpqiuhjrwlycmbabvevk\updates\2995mupdate.zip
2017-02-07 12:05:41 F315D0792A4849C06CA6211D94D97C3B 54177 ----a-w- C:\AdwCleaner\Quarantine\files\rgtuhbbbbzelhijhgmlslcaqiphfmhnv\Advanced System Protector\updates\2996update.zip
2017-02-07 12:05:41 E93B226063EFF6EAAF68D91C370F50D3 1486 ----a-w- C:\AdwCleaner\Quarantine\files\rgtuhbbbbzelhijhgmlslcaqiphfmhnv\Advanced System Protector\updates\3000update.zip
2017-02-07 12:05:41 5181169E27875EBEC08E65823FAC1C28 384113 ----a-w- C:\AdwCleaner\Quarantine\files\rgtuhbbbbzelhijhgmlslcaqiphfmhnv\Advanced System Protector\updates\3001update.zip
2017-02-07 12:05:41 3685708DF94E8518596F065584BDF150 322043 ----a-w- C:\AdwCleaner\Quarantine\files\rgtuhbbbbzelhijhgmlslcaqiphfmhnv\Advanced System Protector\updates\2999update.zip
2017-02-07 12:05:41 1B88A61A0E6E6958F4B57B1CB1DD8F30 8871 ----a-w- C:\AdwCleaner\Quarantine\files\rgtuhbbbbzelhijhgmlslcaqiphfmhnv\Advanced System Protector\updates\2997update.zip
2017-02-07 12:05:41 0272285C7946D6FD60B4E1CAA91C4E9B 1486 ----a-w- C:\AdwCleaner\Quarantine\files\rgtuhbbbbzelhijhgmlslcaqiphfmhnv\Advanced System Protector\updates\2998update.zip
2017-02-07 12:05:39 BE050338D4E2E7FD3CF229AF60B09917 28380736 ----a-w- C:\AdwCleaner\Quarantine\files\rgtuhbbbbzelhijhgmlslcaqiphfmhnv\Advanced System Protector\updates\2995mupdate.zip
2017-02-07 12:05:37 F6C9AE08D057B2E2E415DC21E6ADC641 34764852 ----a-w- C:\AdwCleaner\Quarantine\files\rgtuhbbbbzelhijhgmlslcaqiphfmhnv\Advanced System Protector\updates\2561completedatabase.zip
2017-02-07 12:05:37 8F435197C7D81CFFD18C4B63835D880E 84750 ----a-w- C:\AdwCleaner\Quarantine\files\rgtuhbbbbzelhijhgmlslcaqiphfmhnv\Advanced System Protector\updates\100oupdate.zip
2017-02-06 10:54:20 E93B226063EFF6EAAF68D91C370F50D3 1486 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\Systweak\Advanced System Protector\updates\3000update.zip
2017-02-06 10:54:20 3685708DF94E8518596F065584BDF150 322043 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\Systweak\Advanced System Protector\updates\2999update.zip
2017-02-06 10:54:19 F315D0792A4849C06CA6211D94D97C3B 54177 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\Systweak\Advanced System Protector\updates\2996update.zip
2017-02-06 10:54:19 1B88A61A0E6E6958F4B57B1CB1DD8F30 8871 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\Systweak\Advanced System Protector\updates\2997update.zip
2017-02-06 10:54:19 0272285C7946D6FD60B4E1CAA91C4E9B 1486 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\Systweak\Advanced System Protector\updates\2998update.zip
2017-02-06 10:53:38 BE050338D4E2E7FD3CF229AF60B09917 28380736 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\Systweak\Advanced System Protector\updates\2995mupdate.zip
2017-02-06 10:53:38 8F435197C7D81CFFD18C4B63835D880E 84750 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\Systweak\Advanced System Protector\updates\100oupdate.zip
2017-02-06 10:52:45 F6C9AE08D057B2E2E415DC21E6ADC641 34764852 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\Systweak\Advanced System Protector\updates\2561completedatabase.zip
2017-02-06 05:54:02 0C997B061E3C66BD9E927C1288EB1CC7 24688 ----a-w- C:\Windows\System32\drivers\TrueSight.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-114335241-451106317-3397992227-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"
"GUDelayStartup"="C:\Program Files\Glary Utilities 5\StartupManager.exe -delayrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SystemExplorerAutoStart"="C:\Program Files\System Explorer\SystemExplorer.exe /TRAY"
"Malwarebytes TrayApp"="C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe"
"Everything"="C:\Program Files\SecureAge\Everything\Everything.exe -config C:\Program Files\SecureAge\Everything\Everything.ini --startup"
"SAAppWhitelistingNotifier"="C:\Program Files\SecureAge\Whitelist\sanotifier.exe"
"SecureAPlus"="C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe /tray"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"
"GUDelayStartup"="C:\Program Files\Glary Utilities 5\StartupManager.exe -delayrun"

==== Startup Folders ======================

2015-12-18 17:19:36 1957 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\クライアントユーティリティ.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GlaryInitialize 5" [C:\Program Files\Glary Utilities 5\Initialize.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GU5SkipUAC" [C:\Program Files\Glary Utilities 5\Integrator.exe]
"C:\Windows\system32\tasks\Norton 8M" [C:\Program Files\Norton Security\Engine\22.5.4.24\uiStub.exe]
"C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton Security\Engine\22.8.0.50\WSCStub.exe"]
"C:\Windows\system32\tasks\PROPCCleaner_Popup" [C:\Program Files\PRO PC Cleaner\Splash.exe]
"C:\Windows\system32\tasks\PROPCCleaner_Start" [C:\Program Files\PRO PC Cleaner\PROPCCleaner.exe]
"C:\Windows\system32\tasks\Start WinZip Driver Updater for unko-PC@unko(logon)" [C:\Program Files\WinZip Driver Updater\DriverUpdater.exe]
"C:\Windows\system32\tasks\Start WinZip Driver Updater Schedule" [C:\Program Files\WinZip Driver Updater\DriverUpdater.exe]
"C:\Windows\system32\tasks\Start WinZip Driver Updater Update" [C:\Program Files\WinZip Driver Updater\DriverUpdater.exe]
"C:\Windows\system32\tasks\Norton Security\Norton Error Analyzer" [C:\Program Files\Norton Security\Engine\22.8.0.50\SymErr.exe]
"C:\Windows\system32\tasks\Norton Security\Norton Error Processor" [C:\Program Files\Norton Security\Engine\22.8.0.50\SymErr.exe]
"C:\Windows\system32\tasks\Remediation\AntimalwareMigrationTask" ["C:\Program Files\Common Files\AV\ノートン セキュリティ\Upgrade.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon" [2017/02/09 18:18]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx[2016/09/24 02:03]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Google Docs - unko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Norton Security Toolbar - unko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - unko\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Web Store Payments - unko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{4C8AD715-F1AC-4A2E-9278-B6CDD860918F}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{4C8AD715-F1AC-4A2E-9278-B6CDD860918F} Google Url="http://www.google.co.jp/search?hl=ja&q={searchTerms}&lr=lang_ja"

==== HijackThis Entries ======================

O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM\..\Run: [Everything] "C:\Program Files\SecureAge\Everything\Everything.exe" -config "C:\Program Files\SecureAge\Everything\Everything.ini" --startup
O4 - HKLM\..\Run: [SAAppWhitelistingNotifier] C:\Program Files\SecureAge\Whitelist\sanotifier.exe
O4 - HKLM\..\Run: [SecureAPlus] "C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe" /tray
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - Global Startup: クライアントユーティリティ.lnk = C:\Program Files\Logitec\LAN-W150N-U2\Common\RaUI.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI Tech Co., Ltd. - C:\Program Files\AOMEI Backupper\ABService.exe
O23 - Service: EaseUS Agentサービス (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Everything - Unknown owner - C:\Program Files\SecureAge\Everything\Everything.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files\Logitec\LAN-W150N-U2\Common\RaRegistry.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Unknown owner - C:\Program Files\Logitec\LAN-W150N-U2\Common\RaMediaServer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecureAge Application Whitelisting Service (saappsvc) - SecureAge Technology - C:\Program Files\SecureAge\Whitelist\saappsvc.exe
O23 - Service: SecureAge Everything Server (SAEverythingServer) - SecureAge Technology - C:\Program Files\SecureAge\Everything\EverythingServer.exe
O23 - Service: SecureAge Virus Scanner (sascansvc) - SecureAge Technology - C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
O23 - Service: SecureAge UniversalAV Service (SAUAVSvc) - SecureAge Technology - C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SecureAPlus Service (SecureAPlusService) - SecureAge Technology - C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files\ShadowExplorer\sesvc.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files\System Explorer\service\SystemExplorerService.exe
O23 - Service: WinZipSmartMonitorService - Unknown owner - C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=638 folders=87 1338737552 bytes)

==== EOF on 2017/02/12 at 14:20:03.64 ======================
4: Admin :

2017/02/12 (Sun) 16:02:39

I wanted to post the log from after running auto-clean with zoek.exe, but fc2 claims it cannot be posted because, of all things, it contains a banned word.

5: Admin :

2017/02/12 (Sun) 16:31:51

So what is the banned word? (It turns out that one log line related to Norton matches a banned word.)

Below are the results of the automatic deletion performed with zoek.exe's auto-clean feature.

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by unko on 2017/02/12 at 15:29:01.19.

Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\unko\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

2017/02/12 15:33:28 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Ralink deleted successfully
C:\Users\unko\AppData\Roaming\baidu deleted successfully
C:\Users\unko\AppData\Local\VirtualStore deleted successfully

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AOMEI Backupper\ABService.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\SecureAge\Everything\Everything.exe
C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe
C:\Program Files\Logitec\LAN-W150N-U2\Common\RaRegistry.exe
C:\Program Files\SecureAge\Whitelist\saappsvc.exe
C:\Program Files\SecureAge\Everything\EverythingServer.exe
C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
C:\Program Files\ShadowExplorer\sesvc.exe
C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SecureAge\AntiVirus\clamd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\SecureAge\Everything\Everything.exe
C:\Program Files\SecureAge\Whitelist\sanotifier.exe
C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Logitec\LAN-W150N-U2\Common\RaUI.exe
C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe
C:\Windows\System32\vds.exe
C:\Program Files\System Explorer\service\SystemExplorerService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\unko\Desktop\zoek.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\PROGRAM FILES\NORTON SECURITY\ENGINE\22.8.0.50\cltLMH.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv

==== Batch Command(s) Run By Tool======================


==== System Specs ======================

Windows: Windows Vista Business Edition Service Pack 2 (Build 6002)
Memory (RAM): 3316 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
CPU Speed: 2338.5 MHz
Sound Card: Not detected
Display Adapters: Intel(R) Q35 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; 汎用 PnP モニタ |
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: Logitec LAN-W150N/U2 LAN Adapter
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVD+-RW GT10N
Ports: COM1 LPT1
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 40.7GB | D: 13.8GB | G: 20.0GB
Hard Disks - Free: C: 5.2GB | D: 13.7GB | G: 18.5GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 06/11/12 | DELL - 15
Time Zone: 東京 (標準時)
Motherboard *: Dell Inc. 0PU052
Country: 日本
Language: JPN

==== System Specs (Software) ======================

Anti-Virus: SecureAPlus Antivirus On-access scanning disabled (Outdated)
Anti-Virus: ノートン セキュリティ On-access scanning disabled (Outdated)
Anti-Spyware: SecureAPlus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: ノートン セキュリティ disabled (Outdated)
Firewall: ノートン セキュリティ disabled
Internet Explorer Version: 9.0.8112.16421
Google Chrome version: 49.0.2623.112

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2017-02-08 09:27:21 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2017-02-08 09:27:21 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2017-02-08 09:27:21 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2017-02-08 09:27:21 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2017-02-08 09:27:20 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
====== C:\Users\unko\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2017-02-05 16:11:02 1F1FDBEFDCBC56E90346FCFF4A4A00C4 17408375 ----a-w- C:\Windows\System32\scan.db
====== C:\Windows\system32\drivers =====
2017-02-09 00:46:46 FDBDEDB746A33BAFC17394D1960ADEAF 94936 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2017-02-08 08:23:47 E111BABE2BCA0F9CD3E45606EB63944F 87792 ----a-w- C:\Windows\System32\drivers\SYMEVENT.SYS
2017-02-08 08:23:47 97B24782C154E71CC0898C0F5F29BA32 8234 ----a-w- C:\Windows\System32\drivers\SYMEVENT.CAT
2017-02-08 08:23:47 3CB0C44695328FF0C4D82BD833491276 805 ----a-w- C:\Windows\System32\drivers\SYMEVENT.INF
2017-02-06 05:54:02 0C997B061E3C66BD9E927C1288EB1CC7 24688 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2017-02-05 16:11:27 8594BF24A1829668B7AA0D35A4FCB824 5842495 ----a-w- C:\Windows\System32\drivers\whitelist2.sa
2017-01-20 01:00:08 9E9AD8F623808C29BB42FB2F4D96E558 228312 ----a-w- C:\Windows\System32\drivers\saappctl.sys
2017-01-17 15:52:13 6FE70B9DCAD66449119E733C276F83E8 219584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2017-01-17 15:51:56 47DF8A068BA5666A14848C242BF5002B 59976 ----a-w- C:\Windows\System32\drivers\mbae.sys
====== C:\Windows\Tasks ======
2017-02-12 03:43:59 BE41DA2D1D5506038825E25C7C121BA8 3432 ----a-w- C:\Windows\system32\Tasks\Start WinZip Driver Updater Schedule
2017-02-12 03:43:56 6877148B9774ABBD4C83D9CBF65C239B 3364 ----a-w- C:\Windows\system32\Tasks\Start WinZip Driver Updater Update
2017-02-12 03:43:55 49A9784942023B8F9390F6B87FF7F45D 2584 ----a-w- C:\Windows\system32\Tasks\Start WinZip Driver Updater for unko-PC@unko(logon)
2017-02-09 01:24:09 -------- d-----w- C:\Windows\system32\Tasks\Remediation
2017-02-06 02:35:05 3F91CB12956787707A9B2753541C314C 2956 ----a-w- C:\Windows\system32\Tasks\GU5SkipUAC
2017-02-06 02:35:04 21DD83153289A008180CE424F5DD645D 3296 ----a-w- C:\Windows\system32\Tasks\GlaryInitialize 5
====== C:\Windows\Temp ======
======= C:\Program Files =====
2017-02-12 03:43:44 -------- d-----w- C:\Program Files\WinZip Smart Monitor
2017-02-09 21:02:16 -------- d-----w- C:\Program Files\trend micro
2017-02-09 01:23:56 -------- d-----w- C:\Program Files\Common Files\AV
2017-02-06 02:34:57 -------- d-----w- C:\Program Files\Glary Utilities 5
2017-02-05 16:10:24 -------- d-----w- C:\Program Files\SecureAge
2017-01-26 00:17:13 -------- d-----w- C:\Program Files\USBPcap
2017-01-26 00:16:01 -------- d-----w- C:\Program Files\WinPcap
2017-01-26 00:12:55 -------- d-----w- C:\Program Files\Wireshark
======= C: =====
2017-02-05 17:17:31 038FDE41AD27E14BA3A0A79A5A1F2798 4096 --sha-w- C:\{080A5247-08A4-422F-9F2E-B8002F0A89B7}.CBM
====== C:\Users\unko\AppData\Roaming ======
2017-02-12 04:42:24 -------- d-----w- C:\Users\Public\AppData\Local\temp
2017-02-12 04:42:24 -------- d-----w- C:\Users\Default\AppData\Local\temp
2017-02-12 04:42:24 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2017-02-12 04:42:24 -------- d-----w- C:\Users\aho\AppData\Local\temp
2017-02-09 22:38:06 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2017-02-09 22:38:06 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2017-02-09 22:38:05 -------- d-----w- C:\Users\unko\AppData\Local\Temp
2017-02-07 13:12:57 -------- d-----w- C:\Users\unko\AppData\Local\CrashDumps
2017-02-06 10:54:39 -------- d-----w- C:\Users\unko\AppData\Roaming\ZHP
2017-02-06 02:20:06 -------- d-----w- C:\Users\unko\AppData\Roaming\SecureAge Technology
2017-01-26 00:42:51 -------- d-----w- C:\Users\unko\AppData\Roaming\Wireshark
2017-01-25 23:50:56 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\CrashDumps
2017-01-25 19:08:04 2C2ED29E5C7AD14B95D1FF17610CEFAA 3584 ----a-w- C:\Users\unko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-17 15:42:21 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\ESET
====== C:\Users\unko ======
2017-02-12 03:43:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-02-12 03:39:57 -------- d-----w- C:\ProgramData\WinZip
2017-02-12 03:34:55 8429F7F8325BFD7442B4D90B09EA77C4 4459296 ----a-w- C:\Users\unko\Downloads\RegClean-Pro_6.2 [1].exe
2017-02-12 03:34:36 -------- d-----w- C:\Users\Public\Documents\Baidu
2017-02-12 03:34:03 EB56D44497FC275FCA3D92B2F76529A0 1280368 ----a-w- C:\Users\unko\Downloads\RegClean-Pro_6.2.exe
2017-02-12 03:33:44 EB56D44497FC275FCA3D92B2F76529A0 1280368 ----a-w- C:\Users\unko\Desktop\RegClean-Pro_6.2.exe
2017-02-08 09:40:21 -------- d-----w- C:\Users\Public\AppData
2017-02-07 01:47:25 A67618FFD00DA29AF103B180CA3CB2A6 1097864 ----a-w- C:\Users\unko\Desktop\decrypt_MRCR.exe
2017-02-07 01:46:29 A67618FFD00DA29AF103B180CA3CB2A6 1097864 ----a-w- C:\Users\unko\Downloads\decrypt_MRCR.exe
2017-02-06 10:43:05 2B3EF007C33947E75774AA8649B57080 2700800 ----a-w- C:\Users\unko\Downloads\ZHPCleaner.exe
2017-02-06 10:22:54 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\unko\Downloads\RSIT.exe
2017-02-06 08:25:24 8856CA588D4A0DBA59AD133C4AAF8BB6 94960 ----a-w- C:\Users\unko\Desktop\動画見放題-yy20.us-07504749.exe
2017-02-06 05:48:42 9DF1469E76C21CFB43017D04847F6782 1663040 ----a-w- C:\Users\unko\Downloads\JRT.exe
2017-02-06 05:41:32 F794CDF8E5979DDDA760A4F82DE4AAC5 4015056 ----a-w- C:\Users\unko\Downloads\adwcleaner_6.043.exe
2017-02-06 02:24:13 F114163D4CEDC9867B3E107820543477 16756104 ----a-w- C:\Users\unko\Downloads\gu5setup.exe
2017-02-05 16:10:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureAge
2017-02-05 16:10:45 -------- d-----w- C:\ProgramData\ClamAV
2017-02-05 16:06:07 -------- d-----w- C:\ProgramData\SecureAge Technology
2017-02-05 16:05:32 FA21BD22A307A9FEEACE1669084A71BA 1968976 ----a-w- C:\Users\unko\Downloads\無料1年間 12エンジン SecureAPlusSetup.exe
2017-01-26 00:16:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap

====== C: exe-files ==
2017-02-12 03:34:55 8429F7F8325BFD7442B4D90B09EA77C4 4459296 ----a-w- C:\Users\unko\Downloads\RegClean-Pro_6.2 [1].exe
2017-02-12 03:34:03 EB56D44497FC275FCA3D92B2F76529A0 1280368 ----a-w- C:\Users\unko\Downloads\RegClean-Pro_6.2.exe
2017-02-12 03:33:44 EB56D44497FC275FCA3D92B2F76529A0 1280368 ----a-w- C:\Users\unko\Desktop\RegClean-Pro_6.2.exe
2017-02-09 22:08:13 9F82D76A49C5F726C7E23B4E2D7E6E62 1105928 ----a-w- C:\FRST\Quarantine\C\Users\unko\AppData\Roaming\DesktopIconCALLofWAR\desktopicon-CALLofWAR.exe
2017-02-09 22:08:08 9F82D76A49C5F726C7E23B4E2D7E6E62 1105928 ----a-w- C:\FRST\Quarantine\C\Users\unko\AppData\Roaming\DesktopIconAmazon\desktopicon-Amazon.exe
2017-02-09 22:08:06 9F82D76A49C5F726C7E23B4E2D7E6E62 1105928 ----a-w- C:\FRST\Quarantine\C\Users\unko\AppData\Roaming\DesktopIconGoodgame\desktopicon-Goodgame.exe
2017-02-09 21:02:17 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\unko.exe
2017-02-09 15:07:09 B3E33BD600FA04F2C1A8052ADC7E59BA 719521 ----a-w- C:\AdwCleaner\Quarantine\files\opttggezslyjrmhbfymzfycotyrnkpbw\unins000.exe
2017-02-09 15:07:09 9F1AE66D7954FE2E0909A5EBC6B94798 67072 ----a-w- C:\AdwCleaner\Quarantine\files\opttggezslyjrmhbfymzfycotyrnkpbw\wow_helper.exe
2017-02-09 15:07:05 AB30B9C440D8EC04AC23150ECECC4E00 608256 ----a-w- C:\AdwCleaner\Quarantine\files\opttggezslyjrmhbfymzfycotyrnkpbw\Booking.com.exe
2017-02-09 01:24:09 B1268E1C7EC412B0477A542ABBDE58D1 3268352 ----a-w- C:\Program Files\Common Files\AV\ノートン セキュリティ\Upgrade.exe
2017-02-09 00:46:38 8D704E13B735D87D227D05B5495F1B1B 270136 ----a-w- C:\Users\unko\Desktop\mbar\mbar.exe
2017-02-09 00:46:38 7A2EBC02187D471E16EF38D230C16D7E 54072 ----a-w- C:\Users\unko\Desktop\mbar\mbamdor.exe
2017-02-09 00:46:38 4A5EA67F0B25AEF8AAD9EF1404230AFA 822584 ----a-w- C:\Users\unko\Desktop\mbar\Plugins\fixdamage.exe
2017-02-08 23:22:33 FD356FF1733CBA1ED1D302BD58810862 180288 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Smart Monitor\Uninstall.exe
2017-02-08 23:22:33 97EE01E99443E9EB04E0D592CBE6DB3D 513280 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Registry Reviver\Uninstall.exe
2017-02-08 23:22:33 3BDEB5C3D5BC4C242F5C5FE859CF2C9D 438528 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Smart Monitor\ReviverSoftSmartMonitorService.exe
2017-02-08 23:22:33 0398B50E2C05AA3FDA12741670B49F07 1700096 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Smart Monitor\ReviverSoftSmartMonitor.exe
2017-02-08 23:22:32 A94E218C4CDBFC4D559136FCCEF2D952 24554240 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Registry Reviver\RegistryReviver.exe
2017-02-08 23:22:32 5F6DF9BCF4251BF0FF1747A95FE2BC5B 2219264 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Registry Reviver\tray.exe
2017-02-08 23:22:32 046A8F239D7DCB3CDF234397D763B17A 73472 ----a-w- C:\AdwCleaner\Quarantine\files\kgtfifpzyguluvqkkhmjwvvyccmivjjq\Registry Reviver\RegistryReviverUpdater.exe
2017-02-08 23:22:28 6BE82EB32AC1F3EDCB97012210D10435 438272 ----a-w- C:\AdwCleaner\Quarantine\files\ejsbdidxewfdierryviatyvuffvmbtsr\WinZipSmartMonitorService.exe
2017-02-08 23:22:27 4FAD84599E1106EA5AD79D4B043C4765 1742848 ----a-w- C:\AdwCleaner\Quarantine\files\ejsbdidxewfdierryviatyvuffvmbtsr\WinZipSmartMonitor.exe
2017-02-08 23:22:27 2AFBB6AFCDCA3B85F83F726ACBACE7AD 223544 ----a-w- C:\AdwCleaner\Quarantine\files\ejsbdidxewfdierryviatyvuffvmbtsr\Uninstall.exe
2017-02-08 23:22:25 A675AB28195C5C0AA5C20EC1602ADF62 1268976 ----a-w- C:\AdwCleaner\Quarantine\files\ignijduejuucmlvgxnphurcrortwokop\WMPUninstall.exe
2017-02-08 23:22:25 95D6756F1638083239CE4F8B1DCA81C3 14576 ----a-w- C:\AdwCleaner\Quarantine\files\ignijduejuucmlvgxnphurcrortwokop\clamunpack\clamscan.exe
2017-02-08 23:22:25 84078359DA7FF6B14A360CE97AD898A6 6792944 ----a-w- C:\AdwCleaner\Quarantine\files\ignijduejuucmlvgxnphurcrortwokop\WinZipMalwareProtector.exe
2017-02-08 23:22:24 9635BD5ADA4E7BDD9747E769E9B1A6E0 1193712 ----a-w- C:\AdwCleaner\Quarantine\files\ignijduejuucmlvgxnphurcrortwokop\unins000.exe
2017-02-08 23:22:23 24689AF90D99414462DA85C5E5045233 487152 ----a-w- C:\AdwCleaner\Quarantine\files\ignijduejuucmlvgxnphurcrortwokop\AppManager.exe
2017-02-08 23:22:21 F0303893ACD0BC5219980B1C2545A170 551056 ----a-w- C:\AdwCleaner\Quarantine\files\zyawzoaianjhgfhwpogetfwsofmyasin\Uninstall.exe
2017-02-08 23:22:21 1D255F73E218BEFE9CD31B0ABE15B713 69632 ----a-w- C:\AdwCleaner\Quarantine\files\zyawzoaianjhgfhwpogetfwsofmyasin\DriverUpdaterUpdater.exe
2017-02-08 23:22:21 0818A2E722907988754D34B2C138B730 2497536 ----a-w- C:\AdwCleaner\Quarantine\files\zyawzoaianjhgfhwpogetfwsofmyasin\tray.exe
2017-02-08 23:22:18 EA82D6C356711E95188613678B128AEA 12547504 ----a-w- C:\AdwCleaner\Quarantine\files\zyawzoaianjhgfhwpogetfwsofmyasin\DriverUpdaterSetup.exe
2017-02-08 23:22:17 AB8D131E390944593398A02F75E3BBFF 26009088 ----a-w- C:\AdwCleaner\Quarantine\files\zyawzoaianjhgfhwpogetfwsofmyasin\DriverUpdater.exe
2017-02-08 23:22:15 E9763AEFFB3F7EFB611D791129A0A00D 1189208 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\unins000.exe
2017-02-08 23:22:15 45F54D9ECD295CF3B9F1FACF0D8F40AD 591672 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\systweakasp.exe
2017-02-08 23:22:14 E29B2EF1A8E184BD7DB025C458CF37A3 1265496 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\RCPUninstall.exe
2017-02-08 23:22:14 CFC369D7BFC98B4228AF6B9A194B4AB4 101208 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\CleanSchedule.exe
2017-02-08 23:22:14 C07EA2BEFFCDFC3E0D4CC1E6AB4674FD 73840 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\Cloud_Backup_Setup_Intl.exe
2017-02-08 23:22:14 4DA7D068A06A8E635484364E4A9ED79E 73824 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\Cloud_Backup_Setup.exe
2017-02-08 23:22:14 0C9A0DFC59B49EAF11C96262C5F758D0 7853400 ----a-w- C:\AdwCleaner\Quarantine\files\vqsemmwzuxrgchcxmzjhjbnidwtuymhy\RegCleanPro.exe
2017-02-08 23:22:13 F3E2BFC9E6FC7DA87167A1CBE6A9C4A4 426822 ----a-w- C:\AdwCleaner\Quarantine\files\chjuavrlvhdriogkqoksqcsbiojoydky\uninst.exe
2017-02-08 23:22:13 190E712D74459918F569BED42019777C 2471936 ----a-w- C:\AdwCleaner\Quarantine\files\chjuavrlvhdriogkqoksqcsbiojoydky\OLBPre.exe
2017-02-08 23:22:11 A8FBDF79F7BFF18AC1E55D41EE6A5030 304456 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\rtop\bin\rtop_svc.exe
2017-02-08 23:22:11 A0270CE04D72C81E9D719D495604D4C9 619848 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\rtop\bin\rtop_bg.exe
2017-02-08 23:22:10 BD84EA7D1D4F039E6D8C2068F6260E2E 167192 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\rsEngineHelper.exe
2017-02-08 23:22:10 AF1EA810A8CFD80EBD3B8FC02161FC67 761160 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\rtop\uninstall.exe
2017-02-08 23:22:10 7701D153BE8C84AF02556DAB82BC8529 67577 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\Uninstall.exe
2017-02-08 23:22:10 50284FC7C83AACACFD2F92F523301F88 3581408 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\ByteFence.exe
2017-02-08 23:22:10 4ED093DCCDA9B2F303310719A7A29476 190432 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\ByteFenceScan.exe
2017-02-08 23:22:10 089D102EE37BA000A4DE6511FD4C2B0E 146912 ----a-w- C:\AdwCleaner\Quarantine\files\hxsixtmqmosmuxolkmimemtzbycqhvae\ByteFenceService.exe
2017-02-08 23:22:07 7483A4456464D0BE7FB34C224A59BF64 1193928 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\unins001.exe
2017-02-08 23:22:07 6EC89E16BB61AEF9E8A4E1CC24683CAE 14792 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\clamunpack\clamscan.exe
2017-02-08 23:22:07 365FA56FA33D8C056D150CCBC4D84924 1179920 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\unins000.exe
2017-02-08 23:22:06 B3C8CA19F37D5C3EFE3AF47C6648008C 8211912 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\AdvancedSystemProtector.exe
2017-02-08 23:22:06 3966180424979576DFB41ABB1110238B 552904 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\ASPUninstall.exe
2017-02-08 23:22:06 2CA73B935463DF4061774E5A684D71E8 391112 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\filetypehelper.exe
2017-02-08 23:22:06 26ECF9EC3D1BBABB53CE8720072C2FC2 772552 ----a-w- C:\AdwCleaner\Quarantine\files\jmitrrletlezfzeetsadjhiqlcxzyrbz\AspManager.exe
2017-02-08 13:40:32 AF1EA810A8CFD80EBD3B8FC02161FC67 761160 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\rtop\uninstall.exe
2017-02-08 13:40:32 A8FBDF79F7BFF18AC1E55D41EE6A5030 304456 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\rtop\bin\rtop_svc.exe
2017-02-08 13:40:32 A0270CE04D72C81E9D719D495604D4C9 619848 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\rtop\bin\rtop_bg.exe
2017-02-08 13:40:31 BD84EA7D1D4F039E6D8C2068F6260E2E 167192 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\rsEngineHelper.exe
2017-02-08 13:40:31 7701D153BE8C84AF02556DAB82BC8529 67577 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\Uninstall.exe
2017-02-08 13:40:31 50284FC7C83AACACFD2F92F523301F88 3581408 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\ByteFence.exe
2017-02-08 13:40:31 4ED093DCCDA9B2F303310719A7A29476 190432 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\ByteFenceScan.exe
2017-02-08 13:40:31 089D102EE37BA000A4DE6511FD4C2B0E 146912 ----a-w- C:\AdwCleaner\Quarantine\files\ayjklzeupghkroahskjewlelxmjfefjj\ByteFenceService.exe
2017-02-08 09:27:21 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2017-02-08 09:27:21 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2017-02-08 09:27:21 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2017-02-08 09:27:21 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2017-02-08 09:27:20 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2017-02-08 04:32:55 A8FBDF79F7BFF18AC1E55D41EE6A5030 304456 ----a-w- C:\AdwCleaner\Quarantine\files\hpnyouqvyejhwndrevfdaiketahzloci\rtop\bin\rtop_svc.exe
2017-02-08 04:32:55 A0270CE04D72C81E9D719D495604D4C9 619848 ----a-w- C:\AdwCleaner\Quarantine\files\hpnyouqvyejhwndrevfdaiketahzloci\rtop\bin\rtop_bg.exe
2017-02-08 04:32:54 50284FC7C83AACACFD2F92F523301F88 3581408 ----a-w- C:\AdwCleaner\Quarantine\files\hpnyouqvyejhwndrevfdaiketahzloci\ByteFence.exe
2017-02-08 04:14:50 AF1EA810A8CFD80EBD3B8FC02161FC67 761160 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\rtop\uninstall.exe
2017-02-08 04:14:50 A8FBDF79F7BFF18AC1E55D41EE6A5030 304456 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\rtop\bin\rtop_svc.exe
2017-02-08 04:14:50 A0270CE04D72C81E9D719D495604D4C9 619848 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\rtop\bin\rtop_bg.exe
2017-02-08 04:14:50 50284FC7C83AACACFD2F92F523301F88 3581408 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.exe
2017-02-08 04:14:50 089D102EE37BA000A4DE6511FD4C2B0E 146912 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFenceService.exe
2017-02-08 04:14:49 BD84EA7D1D4F039E6D8C2068F6260E2E 167192 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\rsEngineHelper.exe
2017-02-08 04:14:49 7701D153BE8C84AF02556DAB82BC8529 67577 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\Uninstall.exe
2017-02-08 04:14:49 4ED093DCCDA9B2F303310719A7A29476 190432 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\ByteFenceScan.exe
2017-02-08 04:14:49 089D102EE37BA000A4DE6511FD4C2B0E 146912 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\ByteFenceService.exe
2017-02-08 04:14:48 50284FC7C83AACACFD2F92F523301F88 3581408 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ByteFence.DIR\ByteFence.exe
2017-02-08 03:26:03 DDAB92FC92A6EB427CCE27C3745E55E5 15144 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ASP\ASP\clamunpack\clamscan.exe
2017-02-08 03:24:43 E29B2EF1A8E184BD7DB025C458CF37A3 1265496 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\RegClean Pro\RegClean Pro\RCPUninstall.exe
2017-02-07 15:38:56 6BE82EB32AC1F3EDCB97012210D10435 438272 ----a-w- C:\AdwCleaner\Quarantine\files\bsazmcqvgidstvibzwgywezjakuxrskj\WinZipSmartMonitorService.exe
2017-02-07 15:38:56 4FAD84599E1106EA5AD79D4B043C4765 1742848 ----a-w- C:\AdwCleaner\Quarantine\files\bsazmcqvgidstvibzwgywezjakuxrskj\WinZipSmartMonitor.exe
2017-02-07 15:38:56 2AFBB6AFCDCA3B85F83F726ACBACE7AD 223544 ----a-w- C:\AdwCleaner\Quarantine\files\bsazmcqvgidstvibzwgywezjakuxrskj\Uninstall.exe
2017-02-07 15:38:54 A8FBDF79F7BFF18AC1E55D41EE6A5030 304456 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\rtop\bin\rtop_svc.exe
2017-02-07 15:38:54 A0270CE04D72C81E9D719D495604D4C9 619848 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\rtop\bin\rtop_bg.exe
2017-02-07 15:38:53 BD84EA7D1D4F039E6D8C2068F6260E2E 167192 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\rsEngineHelper.exe
2017-02-07 15:38:53 AF1EA810A8CFD80EBD3B8FC02161FC67 761160 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\rtop\uninstall.exe
2017-02-07 15:38:53 336892BF7A0EABB938C3DF22C048F860 67060 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\Uninstall.exe
2017-02-07 15:38:52 F980033CD93B3A31E57766107D94A15B 187872 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\ByteFenceScan.exe
2017-02-07 15:38:52 E6B613546ED6D2FFFF1D263BAC7721B8 146400 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\ByteFenceService.exe
2017-02-07 15:38:52 364451D2C8D441E77EA6B0B71D91A760 3284960 ----a-w- C:\AdwCleaner\Quarantine\files\scpggkdwfyifzfzxhyxtxqwptbarixov\ByteFence.exe
2017-02-07 12:06:17 A675AB28195C5C0AA5C20EC1602ADF62 1268976 ----a-w- C:\AdwCleaner\Quarantine\files\gundltyqrzldekqggjxnhhkvqxhibnhm\WMPUninstall.exe
2017-02-07 12:06:17 95D6756F1638083239CE4F8B1DCA81C3 14576 ----a-w- C:\AdwCleaner\Quarantine\files\gundltyqrzldekqggjxnhhkvqxhibnhm\clamunpack\clamscan.exe
2017-02-07 12:06:16 9635BD5ADA4E7BDD9747E769E9B1A6E0 1193712 ----a-w- C:\AdwCleaner\Quarantine\files\gundltyqrzldekqggjxnhhkvqxhibnhm\unins000.exe
2017-02-07 12:06:15 24689AF90D99414462DA85C5E5045233 487152 ----a-w- C:\AdwCleaner\Quarantine\files\gundltyqrzldekqggjxnhhkvqxhibnhm\AppManager.exe
2017-02-07 12:06:12 E9763AEFFB3F7EFB611D791129A0A00D 1189208 ----a-w- C:\AdwCleaner\Quarantine\files\phhjjtemtgooqzbslogzfjzfmazxqflh\unins000.exe
2017-02-07 12:06:11 E29B2EF1A8E184BD7DB025C458CF37A3 1265496 ----a-w- C:\AdwCleaner\Quarantine\files\phhjjtemtgooqzbslogzfjzfmazxqflh\RCPUninstall.exe
2017-02-07 12:06:11 C07EA2BEFFCDFC3E0D4CC1E6AB4674FD 73840 ----a-w- C:\AdwCleaner\Quarantine\files\phhjjtemtgooqzbslogzfjzfmazxqflh\Cloud_Backup_Setup_Intl.exe
2017-02-07 12:06:09 F3E2BFC9E6FC7DA87167A1CBE6A9C4A4 426822 ----a-w- C:\AdwCleaner\Quarantine\files\eacluoneiacnygxaqzqcwjjfzyjybzva\uninst.exe
2017-02-07 12:05:42 B206F656142CB617140C561DCAB35A93 741768 ----a-w- C:\AdwCleaner\Quarantine\files\arvhlrchmbrcndjbdoqvddrgmfzjjcff\Advanced-PC-Care\apcsrv.exe
2017-02-07 12:05:13 CEAB470D6905F4F1A7EA7617659D553C 71872 ----a-w- C:\AdwCleaner\Quarantine\files\goxnpgcsksgataxyterksawlxbriiatm\efo.exe
2017-02-07 11:08:46 F794CDF8E5979DDDA760A4F82DE4AAC5 4015056 ----a-w- C:\Users\unko\Desktop\リムーバー\adwcleaner_6.043.exe
2017-02-07 01:47:25 A67618FFD00DA29AF103B180CA3CB2A6 1097864 ----a-w- C:\Users\unko\Desktop\decrypt_MRCR.exe
2017-02-07 01:46:29 A67618FFD00DA29AF103B180CA3CB2A6 1097864 ----a-w- C:\Users\unko\Downloads\decrypt_MRCR.exe
2017-02-06 11:04:38 6EC89E16BB61AEF9E8A4E1CC24683CAE 14792 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ASP.DIR\clamunpack\clamscan.exe
2017-02-06 11:04:36 3966180424979576DFB41ABB1110238B 552904 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ASP.DIR\ASPUninstall.exe
2017-02-06 10:54:39 2B3EF007C33947E75774AA8649B57080 2700800 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\ZHPCleaner.exe
2017-02-06 10:49:48 6EC89E16BB61AEF9E8A4E1CC24683CAE 14792 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\ASP\clamunpack\clamscan.exe
2017-02-06 10:48:32 E29B2EF1A8E184BD7DB025C458CF37A3 1265496 ----a-w- C:\Users\unko\AppData\Roaming\ZHP\Quarantine\RegClean Pro\RCPUninstall.exe
2017-02-06 10:43:05 2B3EF007C33947E75774AA8649B57080 2700800 ----a-w- C:\Users\unko\Downloads\ZHPCleaner.exe
2017-02-06 10:22:54 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\unko\Downloads\RSIT.exe
2017-02-06 08:25:24 8856CA588D4A0DBA59AD133C4AAF8BB6 94960 ----a-w- C:\Users\unko\Desktop\動画見放題-yy20.us-07504749.exe
2017-02-06 07:52:08 F231896936D77EC7E48AD2540BC48504 31744 ----a-w- C:\AdwCleaner\Quarantine\files\fkylwgqyyvfyrfmbyxqydkpzmkjatiju\APCFXValidatorService.exe
2017-02-06 07:51:11 FDB62515AD98F727915B08A14035ADAE 72392 ----a-w- C:\AdwCleaner\Quarantine\files\jpkzvyzokoshggrckgqwcoehnjzgkrve\wfo.exe
2017-02-06 05:48:42 9DF1469E76C21CFB43017D04847F6782 1663040 ----a-w- C:\Users\unko\Downloads\JRT.exe
2017-02-06 05:44:26 FD356FF1733CBA1ED1D302BD58810862 180288 ----a-w- C:\AdwCleaner\Quarantine\files\lcmaszrnfodzugxnepdlebehanvaseny\Smart Monitor\Uninstall.exe
2017-02-06 05:44:26 3BDEB5C3D5BC4C242F5C5FE859CF2C9D 438528 ----a-w- C:\AdwCleaner\Quarantine\files\lcmaszrnfodzugxnepdlebehanvaseny\Smart Monitor\ReviverSoftSmartMonitorService.exe
2017-02-06 05:44:26 0398B50E2C05AA3FDA12741670B49F07 1700096 ----a-w- C:\AdwCleaner\Quarantine\files\lcmaszrnfodzugxnepdlebehanvaseny\Smart Monitor\ReviverSoftSmartMonitor.exe
2017-02-06 05:41:32 F794CDF8E5979DDDA760A4F82DE4AAC5 4015056 ----a-w- C:\Users\unko\Downloads\adwcleaner_6.043.exe
2017-02-06 02:24:13 F114163D4CEDC9867B3E107820543477 16756104 ----a-w- C:\Users\unko\Downloads\gu5setup.exe
2017-02-05 16:05:32 FA21BD22A307A9FEEACE1669084A71BA 1968976 ----a-w- C:\Users\unko\Downloads\無料1年間 12エンジン SecureAPlusSetup.exe
=== C: other files ==


==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-114335241-451106317-3397992227-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"
"GUDelayStartup"="C:\Program Files\Glary Utilities 5\StartupManager.exe -delayrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SystemExplorerAutoStart"="C:\Program Files\System Explorer\SystemExplorer.exe /TRAY"
"Malwarebytes TrayApp"="C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe"
"Everything"="C:\Program Files\SecureAge\Everything\Everything.exe -config C:\Program Files\SecureAge\Everything\Everything.ini --startup"
"SAAppWhitelistingNotifier"="C:\Program Files\SecureAge\Whitelist\sanotifier.exe"
"SecureAPlus"="C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe /tray"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"
"GUDelayStartup"="C:\Program Files\Glary Utilities 5\StartupManager.exe -delayrun"

==== Startup Folders ======================

2015-12-18 17:19:36 1957 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\クライアントユーティリティ.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GlaryInitialize 5" [C:\Program Files\Glary Utilities 5\Initialize.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GU5SkipUAC" [C:\Program Files\Glary Utilities 5\Integrator.exe]
"C:\Windows\system32\tasks\Norton 8M" [C:\Program Files\Norton Security\Engine\22.5.4.24\uiStub.exe]
"C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton Security\Engine\22.8.0.50\WSCStub.exe"]
"C:\Windows\system32\tasks\Start WinZip Driver Updater for unko-PC@unko(logon)" [C:\Program Files\WinZip Driver Updater\DriverUpdater.exe]
"C:\Windows\system32\tasks\Start WinZip Driver Updater Schedule" [C:\Program Files\WinZip Driver Updater\DriverUpdater.exe]
"C:\Windows\system32\tasks\Start WinZip Driver Updater Update" [C:\Program Files\WinZip Driver Updater\DriverUpdater.exe]
"C:\Windows\system32\tasks\Norton Security\Norton Error Analyzer" [C:\Program Files\Norton Security\Engine\22.8.0.50\SymErr.exe]
"C:\Windows\system32\tasks\Norton Security\Norton Error Processor" [C:\Program Files\Norton Security\Engine\22.8.0.50\SymErr.exe]
"C:\Windows\system32\tasks\Remediation\AntimalwareMigrationTask" ["C:\Program Files\Common Files\AV\ノートン セキュリティ\Upgrade.exe"]

==== Empty Chrome Cache ======================

C:\Users\unko\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=638 folders=87 1338737552 bytes)

==== Empty Temp Folders ======================

C:\Users\aho\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\unko\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon" [2017/02/09 18:18]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx[2016/09/24 02:03]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Google Docs - unko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Norton Security Toolbar - unko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - unko\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Web Store Payments - unko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://jp.hao123.com?tn=installc_pay_hp_88_hao123_jp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{4C8AD715-F1AC-4A2E-9278-B6CDD860918F}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{4C8AD715-F1AC-4A2E-9278-B6CDD860918F} Google Url="http://www.google.co.jp/search?hl=ja&q={searchTerms}&lr=lang_ja"

==== Reset Google Chrome ======================

C:\Users\unko\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\unko\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\unko\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\unko\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\unko\Desktop\hao123.lnk - C:\Users\unko\AppData\Roaming\baidu\hao123\hao123.exe
C:\Users\unko\Desktop\Start Tor Browser.lnk - C:\Users\unko\Desktop\Tor Browser\Browser\firefox.exe
C:\Users\unko\Desktop\サンドボックス化した Web ブラウザ.lnk - C:\Program Files\Sandboxie\Start.exe default_browser
C:\Users\unko\Desktop\Tor Browser\Start Tor Browser.lnk - C:\Users\unko\Desktop\Tor Browser\Browser\firefox.exe
C:\Users\unko\Desktop\ソフト一覧\AOMEI Backupper Standard.lnk - C:\Program Files\AOMEI Backupper\Backupper.exe
C:\Users\unko\Desktop\ソフト一覧\EaseUS Todo Backup Free 10.0.lnk - C:\Program Files\EaseUS\Todo Backup\bin\Loader.exe
C:\Users\unko\Desktop\ソフト一覧\MiniTool Partition Wizard Home Edition.lnk - C:\Program Files\MiniTool Partition Wizard Home Edition 7.8\PartitionWizard.exe
C:\Users\unko\Desktop\ソフト一覧\PDF-Viewer.lnk - C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
C:\Users\unko\Desktop\ソフト一覧\ShadowExplorer.lnk - C:\Program Files\ShadowExplorer\ShadowExplorer.exe
C:\Users\unko\Desktop\リムーバー\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Users\unko\Desktop\リムーバー\RogueKiller.lnk - C:\Program Files\RogueKiller\RogueKiller.exe
C:\Users\unko\Desktop\リムーバー\ZHPCleaner.lnk - C:\Users\unko\AppData\Roaming\ZHP\ZHPCleaner.exe
C:\Users\unko\Desktop\差分比較ソフト\WinMerge.lnk - C:\Program Files\WinMerge\WinMergeU.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Explzh.lnk - C:\Program Files\Explzh\EXPLZH.EXE
C:\Users\Public\Desktop\Glary Utilities 5.lnk - C:\Program Files\Glary Utilities 5\Integrator.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Norton Security.lnk - C:\Program Files\Norton Security\Engine\22.8.0.50\uistub.exe
C:\Users\Public\Desktop\System Explorer.lnk - C:\Program Files\System Explorer\SystemExplorer.exe
C:\Users\Public\Desktop\WinZip Driver Updater.lnk - C:\Program Files\WinZip Driver Updater\DriverUpdater.exe


==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk - C:\Program Files\Glary Utilities 5\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk - C:\Program Files\Wireshark\Wireshark-gtk.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk - C:\Program Files\Wireshark\Wireshark.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 10.0\EaseUS Todo Backup Free 10.0.lnk - C:\Program Files\EaseUS\Todo Backup\bin\Loader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 10.0\EaseUS Todo Backup Free 10.0をアンインストールする.lnk - C:\Program Files\EaseUS\Todo Backup\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Glary Utilities 5.lnk - C:\Program Files\Glary Utilities 5\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\Deployment Tools Command Prompt.lnk - C:\Windows\System32\cmd.exe /k "C:\Program Files\Windows AIK\Tools\PETools\pesetenv.cmd"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\Windows System Image Manager.lnk - C:\Program Files\Windows AIK\Tools\Image Manager\ImgMgr.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\Documentation\Step-by-Step - Basic Windows Deployment for IT Pros.lnk - C:\Program Files\Windows AIK\Docs\Whitepapers\stepbystep_itpro.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\Documentation\Unattended Windows Setup Reference.lnk - C:\Program Files\Windows AIK\Docs\CHMs\Unattend.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\Documentation\Windows Automated Installation Kit User's Guide.lnk - C:\Program Files\Windows AIK\Docs\CHMs\WAIK.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\Documentation\Windows PE User's Guide.lnk - C:\Program Files\Windows AIK\Docs\CHMs\WinPE.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\Documentation\SDK\Help Authoring Guide.lnk - C:\Program Files\Windows AIK\SDKs\Help and Support\Help_Authoring.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\Documentation\SDK\Introduction to Component Platform Interface Reference.lnk - C:\Program Files\Windows AIK\Docs\CHMs\cpiapi.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\Documentation\SDK\Windows Imaging Interface Reference.lnk - C:\Program Files\Windows AIK\SDKs\WIMGAPI\wimgapi.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\VAMT 1.2\Volume Activation Management Tool Help.lnk - C:\Program Files\Windows AIK\Docs\CHMs\VAMT.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK\VAMT 1.2\Volume Activation Management Tool.lnk - C:\Program Files\Windows AIK\Tools\VAMT\x86\VAMT.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security\LiveUpdate.lnk - C:\Program Files\Norton Security\Engine\22.8.0.50\uistub.exe /lu

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security\Norton Security.lnk - C:\Program Files\Norton Security\Engine\22.8.0.50\uistub.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security\Support.lnk - C:\Program Files\Norton Security\Engine\22.8.0.50\symerr.exe /support
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security\Uninstall Norton Security.lnk - C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS\562C4DD5\22.8.0.50\inststub.exe /X /shortcut


==== shortcuts in Quick Launch ======================

C:\Users\aho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\aho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AOMEI Backupper Standard.lnk - C:\Program Files\AOMEI Backupper\Backupper.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Command Prompt (2).lnk - C:\Windows\system32\cmd.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\EaseUS Todo Backup Free 10.0.lnk - C:\Program Files\EaseUS\Todo Backup\bin\Loader.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk - C:\Program Files\Glary Utilities 5\Integrator.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\regedt32 - ショートカット.lnk - C:\Windows\System32\regedt32.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Registry Finder.lnk - C:\Program Files\Registry Finder\RegistryFinder.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Explorer.lnk - C:\Program Files\System Explorer\SystemExplorer.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Restore (2).lnk - C:\Windows\system32\rstrui.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk - C:\Windows\system32\rstrui.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Task Scheduler.lnk - C:\Windows\system32\taskschd.msc /s
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wireshark Legacy.lnk - C:\Program Files\Wireshark\Wireshark-gtk.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk - C:\Program Files\Wireshark\Wireshark.exe
C:\Users\unko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\サンドボックス化した Web ブラウザ.lnk - C:\Program Files\Sandboxie\Start.exe default_browser

==== HijackThis Entries ======================

O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM\..\Run: [Everything] "C:\Program Files\SecureAge\Everything\Everything.exe" -config "C:\Program Files\SecureAge\Everything\Everything.ini" --startup
O4 - HKLM\..\Run: [SAAppWhitelistingNotifier] C:\Program Files\SecureAge\Whitelist\sanotifier.exe
O4 - HKLM\..\Run: [SecureAPlus] "C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe" /tray
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - Global Startup: クライアントユーティリティ.lnk = C:\Program Files\Logitec\LAN-W150N-U2\Common\RaUI.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI Tech Co., Ltd. - C:\Program Files\AOMEI Backupper\ABService.exe
O23 - Service: EaseUS Agentサービス (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Everything - Unknown owner - C:\Program Files\SecureAge\Everything\Everything.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files\Logitec\LAN-W150N-U2\Common\RaRegistry.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Unknown owner - C:\Program Files\Logitec\LAN-W150N-U2\Common\RaMediaServer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecureAge Application Whitelisting Service (saappsvc) - SecureAge Technology - C:\Program Files\SecureAge\Whitelist\saappsvc.exe
O23 - Service: SecureAge Everything Server (SAEverythingServer) - SecureAge Technology - C:\Program Files\SecureAge\Everything\EverythingServer.exe
O23 - Service: SecureAge Virus Scanner (sascansvc) - SecureAge Technology - C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
O23 - Service: SecureAge UniversalAV Service (SAUAVSvc) - SecureAge Technology - C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SecureAPlus Service (SecureAPlusService) - SecureAge Technology - C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files\ShadowExplorer\sesvc.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files\System Explorer\service\SystemExplorerService.exe
O23 - Service: WinZipSmartMonitorService - Unknown owner - C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exe

==== Empty IE Cache ======================

C:\Users\unko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\unko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found


==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\unko\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders == ===================

"C:\Users\unko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 2017/02/12 at 15:48:21.28 ======================





(Would you believe it, that's a banned word to do with Norton)

6: This is the admin :

2017/02/12 (Sun) 18:27:43

The fix script for zoek.exe is something like the following



C:\Users\Public\Documents\Baidu;f

C:\Users\Public\Desktop\WinZip Driver Updater.lnk;f

----------------------
(excerpt)


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by unko on 2017/02/12 at 16:30:37.09.

Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\unko\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================


==== Deleting Files \ Folders ======================

"C:\Users\unko\Desktop\hao123.lnk" not found
"C:\Users\unko\AppData\Roaming\baidu\hao123\hao123.exe " not found
"C:\Users\Public\Desktop\WinZip Driver Updater.lnk" not found
"C:\Program Files\WinZip Driver Updater\Uninstall.exe" not found
"C:\Program Files\WinZip Driver Updater\DriverUpdater.exe" not found
"O23 - Service: WinZipSmartMonitorService - Unknown owner - C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exe" not found
"C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exe" deleted
"C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe" deleted
"C:\Windows\system32\Tasks\Start WinZip Driver Updater Schedule" deleted
"C:\Windows\system32\Tasks\Start WinZip Driver Updater Update" deleted
"C:\Windows\system32\Tasks\Start WinZip Driver Updater for unko-PC@unko(logon)" deleted
"C:\Users\unko\Downloads\RegClean-Pro_6.2.exe" deleted
"C:\Users\unko\Desktop\RegClean-Pro_6.2.exe" deleted
"C:\FRST\Quarantine\C\Users\unko\AppData\Roaming\DesktopIconCALLofWAR\desktopicon-CALLofWAR.exe" deleted
"C:\FRST\Quarantine\C\Users\unko\AppData\Roaming\DesktopIconAmazon\desktopicon-Amazon.exe" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip Driver Updater\Uninstall.lnk" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip Driver Updater\WinZip Driver Updater.lnk" deleted
"C:\Program Files\WinZip Smart Monitor\apps.json" deleted
"C:\Program Files\WinZip Smart Monitor\msvcp100.dll" deleted
"C:\Program Files\WinZip Smart Monitor\msvcr100.dll" not deleted
"C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.dll" deleted
"C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.mab" deleted
"C:\Program Files\WinZip Smart Monitor\Uninstall.exe" deleted
"C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe" deleted
"C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.mab" deleted
"C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exe" deleted
"C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.mab" deleted
"C:\Program Files\WinZip Smart Monitor\Plugins\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4.dll" deleted
"C:\Program Files\WinZip Smart Monitor\Plugins\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4.mab" deleted
"C:\Program Files\WinZip Smart Monitor\Plugins\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4.dll" deleted
"C:\Program Files\WinZip Smart Monitor\Plugins\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip Driver Updater\WinZip Driver Updater.lnk" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\CommonSettings.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\freeDriver" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\backups\BackupInfo.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Brazilian.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Danish.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Dutch.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\English.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Finnish.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\French.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\German.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Italian.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Japanese.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Norwegian.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Russian.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Spanish.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Swedish.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\TradChinese.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language\Turkish.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-114335241-451106317-3397992227-1000\AppSettings.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-114335241-451106317-3397992227-1000\app_log.log" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-114335241-451106317-3397992227-1000\DRmanager_log.log" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-114335241-451106317-3397992227-1000\Request.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-114335241-451106317-3397992227-1000\Response.xml" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-114335241-451106317-3397992227-1000\crashdDumps\crash_2017_02_12_12_44_48.dmp" deleted
"C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-114335241-451106317-3397992227-1000\settings.data" deleted
"C:\Users\Public\Documents\Baidu\Common\I18N\conf.db" deleted
"C:\Program Files\WinZip Smart Monitor" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Roaming\ESET" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip" deleted
"C:\ProgramData\WinZip" deleted
"C:\Users\Public\Documents\Baidu" deleted
"C:\Program Files\WinZip Smart Monitor\Plugins" deleted
"C:\Program Files\WinZip Smart Monitor\Plugins\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4"

deleted
"C:\Program Files\WinZip Smart Monitor\Plugins\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4"

deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip Driver Updater" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater" deleted
"C:\ProgramData\WinZip\WinZip Smart Monitor" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\backups" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\Language" deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-114335241-451106317-3397992227-1000"

deleted
"C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-114335241-451106317-3397992227-1000

\crashdDumps" deleted
"C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-114335241-451106317-3397992227-1000"

deleted
"C:\Users\Public\Documents\Baidu\Common" deleted
"C:\Users\Public\Documents\Baidu\Common\I18N" deleted

==== C:\zoek_backup content ======================

C:\zoek_backup (files=668 folders=101 1358777188 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Program Files\WinZip Smart Monitor\msvcr100.dll" not found
"C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exesearch" not found
"C:\Program Files\WinZip Smart Monitor" not found

==== EOF on 2017/02/12 at 18:13:39.26 ======================

(If you make full use of a fix script, all sorts of things can be deleted.)

7: Admin :

2017/02/12 (Sun) 18:37:53

I ran an automatic scan with ComboFix, then cleaned up what it missed with zoek.exe.

Scanning again with Adw gives:

# AdwCleaner v6.043 - ログファイルの作成日 12/02/2017 作成時間 18:35:24
# Malwarebytesによる 27/01/2017 の更新日
# データベース : 2017-02-09.1 [ローカル]
# オペレーティングシステム : Windows Vista (TM) Business Service Pack 2 (X86)
# ユーザー名 : unko - UNKO-PC
# 実行場所 : C:\Users\unko\Desktop\リムーバー\adwcleaner_6.043.exe
# モード:スキャン
# サポート : https://www.malwarebytes.com/support



***** [ サービス ] *****

検出済みサービス: WinZipSmartMonitorService


***** [ フォルダ ] *****

悪意あるフォルダを検出しませんでした。


***** [ ファイル ] *****

悪意あるファイルを検出しませんでした。


***** [ DLL ] *****

悪意あるDLLsファイルを検出しませんでした。


***** [ WMI ] *****

悪意あるキーを検出しませんでした。


***** [ ショートカット ] *****

改ざん済みショートカットを検出しませんでした。


***** [ スケジュール済みタスク ] *****

検出済みタスク: PROPCCleaner_Popup
検出済みタスク: PROPCCleaner_Start


***** [ レジストリ ] *****

検出済みキー: HKU\S-1-5-21-114335241-451106317-3397992227-1000\Software\PRODUCTSETUP
検出済みキー: HKU\S-1-5-21-114335241-451106317-3397992227-1000\Software\csastats
検出済みキー: HKCU\Software\PRODUCTSETUP
検出済みキー: HKCU\Software\csastats
検出済みキー: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
検出済みキー: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PRO PC Cleaner
検出済みキー: HKLM\SOFTWARE\CLASSES\APPID\WinZipSmartMonitorService.exe


***** [ Webブラウザ ] *****

悪意あるFirefoxベースの要素を検出しませんでした。
悪意あるChromiumベースの要素を検出しませんでした。

*************************

(Older logs omitted.)

########## EOF - C:\AdwCleaner\AdwCleaner[S18].txt - [4323 バイト] ##########

8: Admin :

2017/02/12 (Sun) 19:06:46

I think zoek.exe's browser repair feature is excellent. As a procedure for a PUP infection:

❶ Use the uninstaller that the PUP itself provides and uninstall as much as possible (iron rule)
❷ Next, I think zoek.exe's auto-clean feature is good for browser repair and a rough deletion.
❸ Use Adw, or MBAM, to delete over a wide range, and
❹ Finally use FRST.exe to clean up the leftovers (visual inspection and manual deletion)

If you work through these steps, you should be able to resolve it to a considerable degree.

The ComboFix that Mama-nee-joshi (ママ姐女史) keeps singing the praises of is, hmm, "a bit..." (lol).

And ComboFix doesn't fully support Windows 8.1 and Windows 10.

9: Admin :

2017/02/12 (Sun) 20:44:05

http://ore-sama123.bbs.fc2.com/?act=reply&tid=5456776

A brief explanation

10: Admin :

2017/02/19 (Sun) 13:57:21

https://www.virustotal.com/ja/url/0d90e7cc652faef9f059bf777b1155dbdc0820a418ac8d837f6cc19344025011/analysis/1487479953/

This is folder-creating one-click-ware (one-click fraud adware). How do you deal with it using ComboFix?
----------------------------------------

(*ComboFix fix script)

Folder::
C:\ProgramData\kirin


Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"webkirin"=-

Registry::
[-HKEY_CURRENT_USER\Software\Webkirin]

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\webkirin]

------------------------------------------

Well then.
Anyone who has used ComboFix will probably feel this, but to put it simply, it is a tool that is becoming "outdated". It isn't particularly convenient to use, and the scan accuracy of its automatic scan is deteriorating (or rather, its detection accuracy hasn't improved).


On top of that, it doesn't fully support Windows 8.1 and Windows 10. What Chiebukuro's absurd "non-important cultural property", Mama-nee-joshi, who keeps up her incomprehensible broadcast screaming "use this tool now", is even trying to say by trashing Chiebukuro "day after day" is something I cannot understand at all (lol).

You don't need to use ComboFix anyway (the admin simply doesn't use it because there is no need to); later tools like FRST.exe and zoek.exe are good security tools that have since debuted, they also support Windows 10, and if you are going to use something "now", it's those. Certainly not ComboFix.

In the first place, something at the level of one-click-ware can be handled by making good use of CCleaner, or with Registry Editor, batch files, REG files and so on, one way or another.

"Mama-nee-joshi", who mistakes "being able to use ComboFix" for "being a security expert (通, tsū)", is


= a security "pain" (痛, the same tsū)

Ouch!



Bragging about being able to use a particular tool and repeating the same boasts.
Calling herself a "security tsū" on the grounds that she can write her own batch files (ridiculous, lol).

Isn't that just like a "kindergartener"?

You could also call it a chūbō (middle-school kid) = exactly the kind of middle-schooler who boasts "whose dick is bigger, mine or yours?"

The admin always thinks that an attitude of "learning" is the one and only secret to improving one's knowledge and skill.

There are countless "teachers" in the world of the net.

I want to learn from the "deep" knowledge of those teachers and keep improving.


From the admin
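As an added example (not from the post, and not part of ComboFix), the following Python reads a CFScript in the Folder::/Registry:: form quoted above and renders its registry part as an equivalent .reg file, which is one of the alternatives the post mentions. The script text is the one quoted in the post, embedded as a constant; the parser handles only the two directives the page uses, which is an assumption of this example.

```python
import re
# Constructed copy of the ComboFix fix script quoted in the post above.
CFSCRIPT = """Folder::
C:\\ProgramData\\kirin

Registry::
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
"webkirin"=-

Registry::
[-HKEY_CURRENT_USER\\Software\\Webkirin]

Registry::
[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\webkirin]
"""

def parse_cfscript(text):
    """Turn a CFScript into a plan: folders to delete, registry keys to
    delete, and (key, value name) pairs to delete."""
    plan = {"folders": [], "delete_keys": [], "delete_values": []}
    section = key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):  # directive header such as Folder:: or Registry::
            section, key = line[:-2], None
        elif section == "Folder":
            plan["folders"].append(line)
        elif section == "Registry":
            m = re.fullmatch(r"\[(-?)(.+)\]", line)
            if m:  # [KEY] selects a key, [-KEY] deletes it outright
                key = m.group(2)
                if m.group(1):
                    plan["delete_keys"].append(key)
            else:
                m = re.fullmatch(r'"([^"]+)"=-', line)
                if m and key:  # "name"=- deletes one value under the selected key
                    plan["delete_values"].append((key, m.group(1)))
    return plan

def to_reg_file(plan):
    """Render the registry part of the plan as a .reg file; Registry Editor
    uses the same [-KEY] and "name"=- deletion syntax as CFScript."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, name in plan["delete_values"]:
        out += [f"[{key}]", f'"{name}"=-', ""]
    for key in plan["delete_keys"]:
        out += [f"[-{key}]", ""]
    return "\n".join(out)
```

The folder entries in the plan are left for whatever deletion method you prefer, since a .reg file cannot remove files.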
